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ABSTRACT 


The  Russian  Federation  is  a  key  state  actor  in  cyberspace;  cyber  events  associated  with 
Russian  state  and  non-state  actors  have  threatened  Russia’s  neighbors,  shaped 
international  cyber  norms,  as  well  as  influenced  strategists’  understanding  of  cyber 
power.  This  thesis  seeks  to  understand  Russian  cyber  capability  through  the  lens  of 
Robert  Jervis’s  offense-defense  theory  in  order  to  answer  the  thesis’s  central  question:  Do 
Russian  cyber  capabilities  reflect  an  investment  in  offensive  or  defensive  cyber  weapons, 
and  do  Russia’s  cyber  technology,  doctrine,  and  policy  differentiate  its  posture  as 
offensive  or  defensive?  To  evaluate  Russian  cyber  capability,  this  thesis  considers  two 
factors — technology  and  geography — concluding  that,  although  the  Russian  government 
is  modifying  its  cyber  terrain  to  improve  defensiveness,  Russia’s  brandished  cyber 
weapons  suggest  that  it  pursues  offensive  capability.  To  evaluate  Russia’s  posture 
differentiation,  the  thesis  examines  Russians’  understanding  of  cyber  power,  Russian 
information  warfare  and  hybrid  warfare  doctrines,  and  the  country’s  international 
engagements,  concluding  that,  although  Russia  has  historically  presented  its  posture  as 
defensive,  it  is  increasingly  difficult  to  make  that  distinction.  Finally,  the  thesis  evaluates 
this  state-level  analysis  in  the  broader  context  of  the  international  system;  Russia’s 
historical  aggression  and  current  behavior  in  cyberspace  likely  reflects  Stephen  van 
Evera’s  explanatory  hypothesis  for  the  causes  of  war — defensive  expansion. 
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I.  ASSESSING  CYBER  POWER 


The  development  and  proliferation  of  cyber  technologies  over  the  last  thirty  years 
has  added  a  new  dimension  to  international  strategy,  creating  new  threats  and 
opportunities  for  cyberspace-based  crime,  espionage,  and  warfare.  ^  A  key  actor  in  the 
cyber  domain  is  the  Russian  Federation;  cyber  events  associated  with  Russian  state  and 
non-state  actors  have  shaped  the  international  environment,  created  security  challenges, 
and  influenced  strategists’  understanding  of  cyber  power.  The  relative  novelty  and  rapid 
pace  of  cyber  development,  however,  have  also  resulted  in  gaps  in  the  understanding  of 
cyber  power  as  both  an  instrument  of  power  and  an  element  of  national  strategy. 

This  thesis  evaluates  the  role  and  posture  of  the  Russian  Federation  in  cyberspace. 
In  doing  so,  the  author  considers  the  extensive  existing  literature  of  cyber  events 
associated  with  Russia,  the  scholarly  works  that  have  examined  Russian  information 
warfare  doctrine,  and  the  record  of  Russian  engagement  through  international  institutions. 
Though,  individually,  these  subject  areas  provide  a  wealth  of  analysis  and  policy 
recommendations,  the  author’s  goal  is  to  offer  a  holistic  perspective  on  Russia’s  behavior 
in  cyberspace  through  the  lens  of  existing  international  relations  theory.  The  value  of 
understanding  Russia’s  actions  according  to  a  theoretical  framework  is  that  policy  makers 
may  more  effectively  engage  Russia,  focusing  not  just  on  immediate  crises  or  initiatives, 
but  instead,  on  crafting  a  strategic  approach  that  targets  underlying  causes  of  behavior. 

A,  PERSPECTIVES  ON  RUSSIAN  CYBER  CAPABILITY 

Assessments  of  Russia’s  cyber  power,  as  articulated  by  key  U.S.  officials, 
categorize  the  Russian  Federation  as  one  of  the  leading  powers  in  cyberspace;  this 
suggests  that  capability  parity  with  the  United  States  presents  a  potential  threat  to 
American  national  security,  and  that  intent  demonstrated  through  conflicts  with  its 


1  Lucas  Kello,  “The  Meaning  of  the  Cyber  Revolution:  Perils  to  Theory  and  Statecraft,”  International 
Security  38,  no.  2  (Fall,  2013):  7-40.  doi:  1.1 162/ISEC_a_00138. 
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neighbors  necessitates  a  continued  cyber  arms  race. 2  Congressional  reports  highlight  that 
Russia  is  a  highly  capable  actor,  recognizing  that  its  cyber  power  can  be  applied  for  both 
espionage  and  attack.  3  Open-source  U.S.  military  analysis  suggests  that  Russian  cyber 
power  is  integral  to  the  country’s  military  strategy  for  achieving  its  political  international 
objectives  and  recommends  a  broad  deterrence  policy  for  the  United  States.'^  In  addition 
to  this  primarily  offensive  conception  of  Russia’s  cyber  capability,  academic  sources 
recognize  Russia’s  own  strategic  security  concerns  in  cyberspace,  focusing  on 
information  warfare  threats  perceived  by  Russian  political  elites. ^  Collectively,  the 
existing  body  of  literature  provides  excellent  insights  into  specific  facets  of  Russia’s 
cyber  capability,  but  falls  short  of  achieving  a  comprehensive  analysis  of  Russia’s  cyber 
capabilities  and  linking  these  capabilities  to  Russia’s  offensive  and  defensive  security 
strategy  objectives. 

International  and  U.S.  evaluation  of  Russian  cyber  strategy  and  capabilities  is 
mostly  based  on  four  sets  of  Russian- associated  cyber  activities:  the  2007  Estonia  Bronze 
Soldier  crisis,  the  2008  Russo-Georgian  War,  criminal  activity  associated  with  the 
Russian  Business  Network  (RBN),  and  presumed  capabilities  of  Russia’s  spy  agencies. 
The  cyber  crisis  in  Estonia  gained  international  prominence  because  of  the  large-scale 
disruption  by  cyber  attacks  directed  at  Estonia’s  cyber  infrastructure  and  online  services. 
In  the  aftermath  of  the  month-long  crisis,  the  attacks  were  attributed  to  Russian  activists. 


2  Keith  Alexander,  “House  Armed  Services  Subcommittee,  Cyberspace  Operations  Testimony,”  The 
Cyber  Domain,  U.S.  Department  of  Defense,  September  23,  2010, 

http://www.defense.gov/home/features/2011/0411_cyberstrategy/docs/House%20Armed%20Services%20S 
ubcommittee%20Cyberspace%200perations%20T  estimony%2020 1 00923  .pdf 

3  “Cyber  Threats  from  China,  Russia,  and  Iran:  Protecting  American  Critical  Infrastructure,” 
Committee  on  Homeland  Security,  113th  Congress  (March  2013),  http://www.gpo.gov/fdsys/pkg/CHRG- 
1 13hhrg82583/html/CHRG-l  13hhrg82583  htm. 

4  Richard  G.  Zoller,  “Russian  Cyberspace  Strategy  and  a  Proposed  United  States  Response,”  Strategy 
Research  Project,  U.S.  Army  War  College,  2010,  http://handle.dtic.miP100.2/ADA522027. 

3  Stephen  Blank,  “Threats  to  and  from  Russia:  An  Assessment,”  The  Journal  of  Slavic  Military  Studies 
21,  no.  3  (2008):  491-526.  doi:10.1080/13518040802313746. 
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but  not  to  the  government. ^  Similarly,  despite  eompelling  circumstantial  evidence,  cyber 
attacks  concurrent  with  Russia’s  official  military  campaign  against  Georgia  in  August 
2008  were  conclusively  linked  solely  to  Russian  activists  and  criminal  organizations.^ 
Both  of  the  cyber  events  seemed  to  align  with  Russian  government  interests  and 
suggested  a  permissive  environment  for  non-state  cyber  actors.*  Additionally,  the 
Russian-Ukrainian  conflict  that  began  in  2014  offers  an  on-going  demonstration  of 
Russia’s  current  cyber  capabilities  and  tactics. 

Whereas  the  cyber  attacks  on  Estonia  and  Georgia  occurred  within  well-defined 
operational  windows,  criminal  cyber  activity  linked  to  Russia  has  spanned  the  last  decade 
and  is  exemplified  by  the  RBN.  Malicious  activities  associated  with  Russian  criminal 
organizations  represent  significant  cyber  capacity;  Russia’s  criminals  possess  moderately 
sophisticated  technology,  but  control  vast  online  resources.  ^  Additionally,  most  sources 
that  assess  Russia’s  cyber  capability  share  an  assumption  that  is  inherently  difficult  to 
substantiate;  Russia’s  intelligence  and  security  agencies  charged  with  cyber  missions — 
Federal  Security  Service  (FSB),  Foreign  Intelligence  Service  (SVR),  and  the  military’s 
Main  Intelligence  Directorate  (GRU) — possess  cyber  exploitation  ability  on  par  with 
leading  powers. 


^  Eneken  Tikk,  Kadri  Kaska,  and  Liis  Vihul,  International  Cyber  Incidents :  Legal  Considerations, 
(Tallinn:  Cooperative  Cyber  Defense  Centre  of  Excellence,  2010);  Rain  Ottis,  “Analysis  of  the  2007  Cyber 
Attacks  Against  Estonia  from  the  Information  Warfare  Perspective,”  presented  at  the  7th  European 
Conference  on  Information  Warfare  and  Security,  Plymouth.  (Reading:  Academic  Publishing  Limited, 
2008),  163-8. 

^  “Russia/Georgia  Cyber  War  -  Findings  and  Analysis,”  Project  Grey  Goose:  Phase  I  Report,  last 
modified  October  17,  2008,  9,  http://blog  refractal.org/wp- 

content/uploads/2008/10/2i7t2qyiwv0g63e713g.pdf;  “Overview  by  the  US-CCU  of  the  Cyber  Campaign 
Against  Georgia  in  August  of  2008,”  U.S.  Cyber  Consequences  Unit  (2009),  http://www  registan  net/wp- 
content/uploads/2009/08/US-CCU-Georgia-Cyber-Campaign-Overview.pdf;  Carolina  Vendil  Pallin,  and 
Fredrik  Westerlund,  “Russia’s  War  in  Georgia:  Lessons  and  Consequences,"  Small  Wars  &  Insurgencies 
20,  no.  2  (2009):  400-24.  doi:  10.1080/09592310902975539 

*  Scott  J.  Shackelford,  “State  Responsibility  for  Cyber  Attacks:  Competing  Standards  for  a  Growing 
Problem,”  presented  at  the  Conference  on  Cyber  Conflict  Proceedings  2010,  (Tallinn,  Estonia:  CCD  COE 
Publications,  2010):  197-208;  Timothy  L.  Thomas,  “Russia’s  Information  Warfare  Strategy:  Can  the 
Nation  Cope  in  Future  Conflicts?,”  The  Journal  of  Slavic  Military  Studies  27,  no.  1  (2014):  107-8, 
doi:10.1080/13518046.2014.874845. 

9  Alexander  Klimburg,  “Mobilizing  Cyber  Power,”  Survival:  Global  Politics  and  Strategy  53,  no.  1 
(2011):  41-60.  doi:  10.1080/00396338.2011.555595. 

“Cyber  Threats  From  China,  Russia,  and  Iran.” 
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The  limitations  of  analysis  based  on  these  events  are  that  they  typically  solely 
represent  the  cyber  power  of  Russia’s  non-state  actors,  demonstrate  only  a  portion  of  the 
broader  spectrum  of  cyber  capabilities,  and  focus  exclusively  on  offensive  capability. 
Despite  these  shortcomings,  cyber  events  associated  with  Russia  have  stimulated  the 
development  of  international  norms  and  laws  and  have  shaped  defensive  strategies  of 
states  that  perceive  themselves  vulnerable  to  similar  attacks. 

In  contrast  to  this  offense-focused  analysis,  Russian  and  select  international 
analysts  seek  to  understand  the  information  warfare  ramifications  of  cyber  power. 
Russian  doctrine  explicitly  recognizes  an  information-psychological  aspect  of  cyber 
confrontation,  and  the  Russian  government  believes  that  it  is  already  engaged  in  a 
defensive  action  in  a  global  information  war.  1 1  This  perception  is  shaped  by  the  role  of 
social  media  and  what  Russia  perceives  as  hostile  propaganda  during  the  Color 
Revolutions,  the  Arab  Spring,  and  recently  in  its  own  domestic  politics.  In  response  to 
this  perceived  security  concern,  Russia  has  continuously  advocated  for  international 
treaty  restrictions  on  cyber  warfare.  Domestically,  it  has  structured  its  information 
warfare  doctrine  to  address  this  threat,  and  has  regulated  its  information  technology 
sector  to  increase  resilience  to  hostile  information  operations,  propaganda,  and  political 
dissent.  14  While  American  and  other  international  experts  categorize  Russia  as  an 


1 1  “Conceptual  Views  Regarding  the  Activities  of  the  Armed  Forces  of  the  Russian  Federation  in  the 
Information  Space,”  Unofficial  NATO  Translation,  accessed  March  24,  2014  (Tallinn:  Cooperative  Cyber 
Defense  Centre  of  Excellence):  3, 

http://www.ccdcoe.org/strategies/Russian_Federation_unofficial_translation.pdf 

12  Keir  Giles,  ‘“Information  Troops’  -  a  Russian  Cyber  Command?,”  presented  at  the  3rd  International 
Conference  on  Cyber  Conflict,  Tallinn:  Cooperative  Cyber  Defense  Centre  of  Excellence  (2011):  45-57, 
http://www.ccdcoe.org/publications/2011proceedings/InformationTroopsARussianCyberCommand- 
Giles.pdf 

12  Keir  Giles,  “Russia’s  Public  Stance  on  Cyberspace  Issues,”  presented  at  the  4th  International 
Conference  on  Cyber  Conflict,  Tallinn:  Cooperative  Cyber  Defense  Centre  of  Excellence  (2012):  63-74, 
http://www.ccdcoe.org/publications/2012proceedings/2_l_Giles_RussiasPublicStanceOnCyberInformation 
Warfare.pdf;  “Convention  on  International  Information  Security,”  Ministry  of  Foreign  Affairs  of  the 
Russian  Federation,  last  modified  September  22,  2011,  http://www  mid  ru^domp/ns- 
osndoc.nsf/le5f0de28fe77fdcc32575d900298676/7bl7ead7244e2064c3257925003bcbcc!OpenDocument. 

14  Stephen  Blank,  “Russian  Information  Warfare  as  Domestic  Counterinsurgency,”  American  Foreign 
Policy  Interests:  The  Journal  of  the  National  Committee  on  American  Foreign  Policy  35,  no.  1  (January 
2013):  31-44.  doi:10.1080/10803920.2013. 757946. 
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aggressor  based  on  the  actions  of  Russian  non-state  actors,  overt  Russian  state  efforts  and 
cyber  developments  appear  to  be  more  defensive, 


B,  OFFENSE-DEFENSE  THEORY 

The  international  relations  theoretic  paradigm  for  analyzing  Russian  cyber 
capability  that  the  author  adopts  throughout  this  thesis  is  Robert  Jervis's  offense-defense 
theory.  The  following  sections  describe  the  theory's  fundamental  explanatory  argument, 
recapitulate  critiques  of  the  theory,  and  argue  why  this  analytic  paradigm  is  suitable  for 
studying  Russian  cyber  power. 

1.  Idealized  Definition 

In  his  1978  study  of  problems  in  international  politics,  “Cooperation  Under  the 
Security  Dilemma,”  Robert  Jervis  identifies  the  security  dilemma  as  a  problematic 
process  that  escalates  international  tension — security-seeking  states  appear  to  increase  the 
insecurity  of  other  states  simply  through  defensive  actions  that  should  otherwise  be 
nonthreatening.  The  intensity  of  this  security  dilemma,  or  whether  or  not  the  international 
systems  manifests  it  in  the  first  place,  depends  on  two  variables — “whether  defensive 
weapons  and  policies  can  be  distinguished  from  offensive  ones,  and  whether  the  defense 
or  the  offense  has  the  advantage.”!^  Jervis  further  elaborates  on  factors  that  underlie 
these  variables  and  under  what  conditions  they  affect  the  security  dilemma. 

The  first  variable,  offense-defense  differentiation,  addresses  states’  perceptions  of 
others — ^whether  other  states  threaten  them  or  not.  States  base  these  perceptions  on 
whether  other  states’  armaments  can  be  used  strictly  for  offense  or  defense  (or  both),  and 
on  the  military  and  political  strategies  states  pursue.!^  If  it  is  possible  to  differentiate 
states’  postures,  then  security-seeking  states  can  cooperate  with  likeminded  states,  but 
revisionist  states  may  still  act  aggressively.  Such  a  situation,  however,  is  stable — the 


Oleg  Demidov,  “Cyberwarfare  and  Russian  Style  of  Cyberdefense,”  Security  Index:  A  Russian 
Journal  on  International  Security  19,  no.  3  (September  2013):  70-71,  doi:10. 1080/19934270. 2013. 814955. 

Robert  Jervis,  “Cooperation  Under  the  Security  Dilemma,”  World  Politics  30,  no.  2  (January  1978): 
1 86-7,  http://www.jstor.org/stable/2009958. 

17  Ibid.,  203. 
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transparency  of  intentions  precludes  the  security  dilemma  and  aggressive  states  signal 
hostile  behavior.  The  second  variable,  the  offense-defense  balance,  strives  to  ascertain 
whether  weapons  favor  the  attacker  or  the  defender.  At  times  when  it  is  possible  to 
differentiate  whether  offensive  or  defensive  weapons  dominate,  Jervis  predicts  various 
security  dilemma  outcomes:  if  dollar-for-dollar  offensive  weapons  are  a  better 
investment,  states  are  more  inclined  to  attack  first;  but  when  defensive  weapons 
dominate,  wars  tend  toward  stalemates  and  status-quo  powers  prefer  to  cooperate.!^ 
According  to  Jervis,  two  factors  determine  this  balance:  military  technology  and 
geography. 

Based  on  the  possible  combinations  of  these  two  variables,  Jervis  proposes  a 
“Four  Worlds”  model,  according  to  which  one  can  generalize  the  stability  of  the 
international  system  (see  Figure  1).20  This  model  depicts  the  world  from  the  perspective 
of  a  status-quo  power — an  unstable  world  is  a  dangerous  world,  but  revisionist  states 
might  instead  see  it  as  a  world  of  opportunity.  Although  this  idealized  model  eloquently 
distills  international  anarchy  into  four  quadrants,  Jervis  explains  that  reality  conforms  to  a 
continuum  of  possible  magnitudes  of  the  variables.  Although  reality  is  more  nuanced 
than  Jervis’s  basic  model,  the  Four  Worlds  model  nonetheless  provides  a  succinct  and 
coherent  realist  perspective  for  evaluating  the  conditions  of  the  international  system. 


Jervis,  “Cooperation  Under  the  Security  Dilemma,  ”  188. 

19  Ibid.,  194. 

20  Ibid.,  211. 


6 


OFFENSE  HAS 
THE  ADVANTAGE 


DEFENSE  HAS 
THE  ADVANTAGE 


OFFENSIVE  POSTURE 
NOT  DISTINGUISHABLE 
FROM  DEFENSIVE  ONE 


OFFENSIVE  POSTURE 
DISTINGUISHABLE 
FROM  DEFENSIVE  ONE 


1 

Doubly  dangerous 

2 

Security  dilemma,  but 
security  requirements 
may  be  compatible. 

No  security  dilemma,  but 
aggression  possible. 

Stotus-quo  states  can  follow 
different  policy  than 
aggressors. 

Warning  given. 

-4 

Doubly  stable 

Figure  1.  International  Stability  Outeomes  Based  on  Jervis’s  Offense-Defense 

Theory.  21 

2,  Critiques  and  Theoretical  Variations 

Since  its  publication  over  thirty-five  years  ago,  Jervis’s  offense-defense  theory 
has  withstood  critiques  from  some  scholars,  while  other  scholars  have  enriched  its 
analytic,  descriptive,  and  predictive  depth.  Sean  M.  Lynn-Jones  summarizes  the  main 
criticisms  of  offense-defense  theory  and  the  corresponding  rebuttals.  Jervis’s  theory 
shares  the  underlying  assumptions  of  realist  international  theory:  a  state  of  anarchy 
envelops  the  international  system,  states  are  self-reliant  for  security,  and,  although  states 
may  make  mistakes,  they  act  out  of  rational  self-interest.  22  These  fundamental 
assumptions  and  how  they  govern  neorealist  and  neoliberal  theory  remain  the  subject  of 
contemporary  debate. 23 

In  addition  to  these  general  criticisms,  Lynn-Jones  lists  five  specific  objections. 
The  first  objection  is  that  it  is  impossible  to  distinguish  weapons  as  offensive  or 


21  Jervis,  “Cooperation  Under  the  Security  Dilemma,  ”211. 

22  Sean  M.  Lynn-Jones,  “Offense-Defense  Theory  and  Its  Critics,”  Security  Studies  4,  no.  4  (Summer 
1995):  664-5.  doi:  10. 1080/09636419509347600. 

23  Robert  Powell,  “Anarchy  in  International  Relations  Theory:  The  Neorealist-Neoliberal  Debate 
Neorealism  and  its  Critics,  by  Robert  O.  Keohane;  Neorealism  and  Neoliberalism:  The  Contemporary 
Debate,  by  David  A.  Baldwin,”  International  Organization  48,  no.  2  (Spring  1994):  331-44, 
http://www.jstor.org/stable/2706934. 
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defensive. 24  Although  this  concern  recognizes  that  most  weapons  systems  contain 
offensive  and  defensive  qualities,  it  overstates  the  resulting  problem;  despite  the  dual  use 
of  weapons,  in  practice,  states  still  typically  recognize  which  types  of  weapons  are  more 
cost  advantageous  for  offensive  operations,  and  which  for  defensive. 25  The  second 
objection  is  that  states  fail  to  correctly  perceive  the  offense-defense  balance. 26  This 
concern,  however,  does  not  invalidate  the  theory — factors  that  cause  states  to  incorrectly 
assess  the  situation  are  unit-level  variables,  and  even  if  states  miscalculate,  offense- 
defense  theory  acknowledges  that  states  base  their  actions  on  their  individual  perceptions, 
and  not  on  universal  objectivity. 22  Another  critique  suggests  that  Jervis  misinterpreted 
the  causal  direction  of  international  conflict — states  create  offensive  and  defensive 
advantages  according  to  their  strategic  goals. 28  Though  this  criticism  may  have  merit, 
concedes  Lynn-Jones,  it  oversimplifies  reality.  In  only  rare  cases  does  a  single  state  shape 
the  direction  of  military  development  to  create  its  own  singular  advantage;  even  when  a 
state  obtains  unique  military  technology,  the  diffusion  of  knowledge  allows  other  states 
to  emulate  and  achieve  parity. 29 

Another  set  of  criticisms  contends  that  other  variables  and  processes  have  a  more 
dominant  role  in  governing  international  conflict.  Some  claim  that  the  offense-defense 
balance  always  favors  defense — it  is  therefore  a  constant  factor,  not  a  variable  one. 30 
This  criticism  fails  to  recognize  that  the  offense-defense  balance  is  a  continuum,  with  the 
relative  advantage  shrinking  or  growing  at  different  historical  periods,  affording  states  the 
opportunity  to  concentrate  resources  to  overcome  the  relative  advantage  of  defensive 
weapons  at  that  moment. 3 1  More  importantly,  even  if  the  balance  objectively  favors 
defense  at  a  given  point  in  time,  as  famously  illustrated  by  the  offense-defense  theory 

24  Lynn-Jones,  “Offense-Defense  Theory  and  Its  Critics,”  672-3. 

25  Ibid.,  674-7. 

26  Ibid.,  677-9. 

22  Ibid.,  679-82. 

28  Ibid.,  689. 

29  Ibid.,  690. 

30  Ibid.,  688. 

31  Ibid.,  688-9. 
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analysis  of  World  War  I,  states  may  still  misinterpret  the  balance. 32  Another  line  of 
critique  emphasizes  the  role  of  political  intentions,  distributions  of  power,  and  domestic 
dynamics  as  the  driving  forces  of  international  instability. 33  The  answer  to  these 
challenges,  according  to  Lynn-Jones,  is  that  these  may  be  valid  complementary 
explanations — such  factors  may  bias  states  to  act  as  either  status-quo  or  revisionist  actors, 
but  the  outcome  of  their  foreign  policy  choices  set  by  state-level  dynamics  will  develop 
according  to  the  international-level  offense-defense  balance. 34  In  summary,  although 
scholars  have  challenged  Jervis,  his  work  has  withstood  these  criticisms,  especially 
thanks  to  one  of  offense-defense  theory’s  most  powerful  qualities — it  incorporates 
subjectivity  and  uncertainty. 

Subsequent  scholarly  work  on  offense-defense  theory  has  strived  to  elucidate  the 
challenges  of  subjectivity  and  uncertainty,  allowing  for  greater  accuracy  and  precision  in 
measuring  Jervis’s  critical  variables.  Charles  Glaser  and  Chaim  Kaufmann  offer 
approaches  for  measuring  the  offense-defense  balance.  They  propose  a  simple  formula:  a 
cost  ratio  of  the  forces  an  attacker  must  use  to  capture  territory  versus  the  cost  of 
defensive  forces  to  hold  that  territory.  Based  on  this  computation,  “all  else  being  equal, 
the  larger  this  quotient,  the  greater  the  attacker’s  prospects  for  success. ”33  They  further 
nuance  the  offense-defense  balance  calculation  as  dependent  on  war  objectives — modest 
territorial  goals  may  be  more  tempting  for  aggressive  states.  33  Glaser  and  Kaufman  make 
another  important  observation:  because  of  the  complexity  of  contributing  factors,  it  may 
be  more  meaningful  to  calculate  dyadic,  rather  than  systemic  offense-defense  balance, 
and  it  is  valuable  to  consider  the  directional  balance  of  a  given  dyad. 32  Because  of  this 
added  measuring  complexity,  unlike  Jervis’s  generalized  offense-defense  model  that 
depends  on  technology  and  geography,  Glaser  and  Kaufmann’s  measurement 

32  Lynn-Jones,  “Offense-Defense  Theory  and  Its  Critics,”  689. 

33  Ibid.,  683. 

34  Ibid.,  686-7. 

33  Charles  L.  Glaser  and  Chaim  Kaufmann,  “What  Is  the  Offense-Defense  Balance  and  Can  We 
Measure  It?,”  International  Security  22,  no.  4  (Spring  1998):  51,  http://www.jstor.org/stable/2539240. 

36  Ibid.,  53. 

32  Ibid.,  57-9. 
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methodology  also  includes  force  size,  nationalism,  and  cumulatively  of  resources,  but 
excludes  first-move  advantage  and  alliance  behavior.  Despite  these  modifications,  the 
authors  conclude  that  ballpark  estimates  provide  sufficient  insight  to  accurately  satisfy 
the  offense-defense  model. Karen  Ruth  Adams’s  work  confirms  this  conclusion.  Her 
empirical  study  of  armed  conflict  among  great  powers  from  1800  to  1997  shows  the 
statistical  significance  of  what  she  describes  as  the  offense-defense-deterrence  balance: 
attacks  on  other  states  are  less  frequent  and  less  successful  in  defense-  and  deterrence- 
dominant  eras. 39 

Lastly,  Stephen  van  Evera  makes  an  important  contribution  to  offense-defense 
theory  by  describing  the  mechanisms  which  may  explain  aggression  in  an  offense- 
dominant  world  and  evaluating  these  mechanisms’  roles  in  historical  conflicts.  Like 
Adams,  he  finds  that  conflicts  occurred  as  the  theory  predicts:  in  the  last  two  centuries  of 
European  wars,  conflicts  occurred  due  to  perceptions  of  offense  dominance,  the  decline 
of  international  order  throughout  medieval  China  correlated  with  a  shift  toward  offense 
dominance,  and  America’s  geographic  security  seems  to  have  contributed  to  the  United 
States’  lower  aggression.^o  Upon  validating  offense-defense  theory’s  analytic  power  and 
analyzing  in  greater  depth  the  mechanisms  that  influence  aggression,  van  Evera  also 
argues  that  the  theory  is  especially  valuable  because  of  its  wide  real-world 

applicability.  41 


3.  Applicability  to  Cyberspace 

Due  to  its  explanatory  power  and  theoretical  prominence  alone,  offense-defense 
theory  is  a  worthy  lens  for  evaluating  the  effect  of  cyber  power  on  the  international 
system.  Many  of  the  popular  and  scholarly  discussions  about  cyber  power  often  use 
offense-defense  terminology  without  explicitly  contextualizing  it  as  such — commentators 


3^  Glaser  and  Kaufmann,  “What  is  the  Offense-Defense  Balance,  ”  78-9. 

39  Karen  Ruth  Adams,  “Attack  and  Conquer?  International  Anarchy  and  the  Offense-Defense- 
Deterrence  Balance,”  International  Security  28,  no.  3  (Winter  2003/2004):  79-81, 
http://www.jstor.org/stable/4137477. 

40  Stephen  van  Evera,  “Offense,  Defense,  and  the  Causes  of  War,”  International  Security  22,  no.  4 
(Spring  1998):  36-9,  http://www.jstor.org/stable/3539239. 

41  Ibid.,  41. 
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refer  to  offense  dominance,  arms  races,  and  power  balance  diffusion.  These  and  other 
assertions  about  cyber  power  would  benefit  from  analysis  within  an  overarching 
theoretical  framework. ^^2  As  Dr.  Wade  L.  Huntley  suggests,  a  more  systematic  analysis  of 
cyber  power  is  necessary  to  validate  what  may  be  assumptions  or  false  analogies  about 
the  relevance  of  cyber  power  in  shaping  the  international  system.  ^3 

Some  scholars  have  begun  to  undertake  this  effort.  Ilai  Saltzman’s  2013  article, 
“Cyber  Posturing  and  the  Offense-Defense  Balance,”  reflects  on  the  role  of  cyber  power 
at  the  international  level  with  an  examination  of  activities  by  the  United  States,  China, 
Russia,  and  NATO.  His  analysis  shows  that  although  it  is  necessary  to  modify  some 
terminology  to  accommodate  the  nature  of  cyber  weapons,  an  offense-defense  theory 
analysis  of  cyber  power  yields  insight  into  its  distinct  contributions  to  the  overall  balance 
of  military  power. ^4  Whereas  Saltzman  considered  the  cyber  offense-defense  balance 
among  three  great  powers,  Patrick  Malone  proposes  a  model  for  calculating  offense- 
defense  cost  ratios  for  various  cyber  attacks,  showing  that  we  can  gain  empirical  insight 
into  the  balance  of  cyber  weapons. 45  Both  approaches  show  that  a  practical  application  of 
offense-defense  theory  to  cyber  power  is  meaningful  and  valuable. 

The  offense-defense  theory  approach  to  cyber  power  is  not  without  its  critics  as 
well.  Keir  Lieber  argues  that  in  addition  to  offense-defense  theory’s  conventional 
explanatory  challenges,  its  utility  in  assessing  cyber  power  is  even  more  suspect  because 
of  cyber  weapons’  dubious  effectiveness  in  achieving  political  ends. 46  Cyber  weapons’ 
secrecy,  he  argues,  makes  an  arms  race  unlikely — states  cannot  respond  to  a  secret 
weapons  buildup. 47  According  to  his  critique,  although  by  analogy  cyber  weapons  appear 

42  Wade  L.  Huntley,  “Offense,  Defense,  and  Cyber  War”  presented  at  the  International  Studies 
Association,  Toronto,  Canada  (March  2014):  10. 

43  Ibid.,  22-3. 

44  Ilai  Saltzman,  “Cyber  Posturing  and  the  Offense-Defense  Balance,”  Contemporary  Security  Policy 
34,  no.  1  (2013):  40-63.  doi:  10.1080/1352360/2013/771031. 

45  Patrick  J.  Malone,  “Offense-Defense  Balance  in  Cyberspace:  A  Proposed  Model”  (Naval 
Postgraduate  School,  2012),  http://hdl  handle  net/10945/27863. 

46  Keir  Lieber,  “  The  Offense-Defense  Balance  and  Cyber  Warfare,”  in  Cyber  Analogies,  ed.  Emily  O. 
Goldman  and  John  Arquilla  (Monterey,  California:  Naval  Postgraduate  School,  2014):  103, 

http://hdl  handle  net/10945/40037. 

47  Ibid.,  104. 
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to  have  offensive  dominanee,  the  qualitative  nature  of  eyber  power  does  not  eontribute  to 
the  seeurity  dilemma  in  the  same  fashion  as  eonventional  arms. 

This  thesis,  however,  assumes  that  offense-defense  theory  has  suffieient 
explanatory  eapaeity  to  ineorporate  eyber  power  as  a  faeet  of  the  overall  balanee  of 
power  among  states.  Furthermore,  the  theory’s  flexibility  in  ineorporating  secreey, 
intentions,  and  ambiguity  may  be  exaetly  the  meehanisms  strategists  need  to  artieulate 
the  strategie  effeet  of  some  of  eyber  weapons’  problematie  properties — attribution, 
seerecy,  and  perishability. 

C.  RESEARCH  DESIGN 

The  role  and  nature  of  eyberspaee  in  international  relations  (IR)  is  a  subject  of 
ongoing  debate  among  policy  makers,  military  planners,  and  subject  matter  experts. 
Although  this  theoretical  debate  is  still  inconclusive,  this  thesis  forgoes  the  debate  and 
assumes  that  defensive  realism’s  concept  of  security  dilemma  applies  to  cyberspace.  The 
value  of  this  approach  is  that  it  provides  a  cyber  power  analysis  that  follows  an  existing 
IR  paradigm  and  combines  multiple  facets  of  cyberspace  development  into  a  strategic 
assessment.  Also,  because  the  security  dilemma  applies  to  the  international  system,  this 
approach  affords  an  opportunity  to  compare  and  contrast  Russia’s  behavior  with  expected 
state  behavior. 

Additionally,  the  quality  and  relevance  of  this  thesis  in  assessing  Russian  cyber 
posture  offers  insight  into  the  merits  of  offense-defense  theory  and  validates  the 
underlying  assumption  that  existing  IR  concepts,  specifically  offense-defense  balance, 
apply  to  cyberspace.  This  thesis  is  a  practical  application  of  IR  concepts  to  cyber  power. 
The  quality  of  the  author’s  efforts  notwithstanding,  this  application  of  theory  to  an 
existing  problem  set  may  help  gauge  the  applicability  and  relevance  of  offense-defense 
theory  to  cyberspace  and  help  facilitate  the  theoretical  debate  about  the  nature  of  cyber 
power. 

Robert  Jervis  defines  two  variables  responsible  for  shaping  the  security  dilemma: 
“whether  defensive  weapons  and  policies  can  be  differentiated  from  offensive  ones”  and 
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“whether  the  offense  or  the  defense  has  the  advantage. ”^8  Jervis  coneeived  this  formula 
for  an  international  level  of  analysis,  but  for  elarity  and  applieability  at  the  state  level  of 
analysis,  the  author  adopts  a  modified  definition.  In  this  thesis,  the  author  modifies  the 
first  variable,  offense-defense  differentiation,  as  Russia’s  eyber  posture  differentiation; 
can  Russia’s  intentions  be  differentiated  as  either  favoring  offensive  or  defensive  action? 
If  a  system  level  of  analysis  reveals  that  weapons  and  policies  can  be  differentiated,  then 
it  is  doubtful  that  a  state-level  analysis  that  merely  narrows  the  scope  of  the  question  to 
that  state’s  capability  will  provide  additional  insight — a  state  cannot  change  the 
fundamental  property  of  weapons.  Instead,  at  the  state  level  it  is  more  valuable  to 
consider  a  state’s  posture  and  intentions.  This  differentiation  among  states,  Jervis 
suggests,  is  beneficial  for  identifying  status-quo  and  aggressor  states,  facilitating 
cooperation,  or  providing  advanced  warning. ^9  By  studying  Russia’s  posture  and 
intentions,  one  may  be  able  to  infer  its  role  in  the  international  system — whether  it  is 
exacerbating  or  abating  the  security  dilemma. 

The  author  also  redefines  Jervis’s  second  variable,  offense-defense  advantage,  as 
Russia’s  cyber  force  composition:  does  Russia  invest  in  offensive  or  defensive 
capability?  This  definition  results  from  extending  Jervis’s  reasoning  to  the  state  level.  At 
the  international  level  of  analysis,  a  world  where  offense  dominates  suggests  that  dollar 
for  dollar,  a  state  would  rationally  invest  in  offensive  capability,  A  state-level 
consequence  of  an  offense-dominated  world  would  be  an  international  system  in  which 
states  are  armed  with  predominantly  offensive  weapons.  To  perform  the  same  analysis 
bottom-up,  at  the  state  level,  one  would  examine  what  category  of  weapons  a  state  has 
chosen  to  invest  in — offensive  or  defensive.  The  existing  body  of  literature  serves  as  the 
basis  of  Russia-related  cyber  weapons  use.  A  consolidated  analysis  of  this  brandished, 
employed,  and  implied  Russian  cyber  capability  allows  subsequent  comparison  of  Russia 
against  the  international  level,  offering  insight  as  to  whether  Russia  is  a  status  quo  or  a 
revisionist  state.  The  same  assessment  of  Russian  capability  may  also  serve  as  basis  for 

Jervis,  “Cooperation  Under  the  Security  Dilemma,  ”  186-7. 

49  Ibid,.  199-200. 

50  Ibid.,  188. 
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dyadic  comparison,  perhaps  forecasting  if  an  arms  race  between  Russia  and  a  specific 
state  is  likely. 

Based  on  these  modified  variables,  this  thesis  makes  the  following  four  mutually 
exclusive  hypotheses,  aceording  to  Jervis’s  Four  Worlds  modeh^i 

HI.  Russia’s  cyber  capability  is  offensive  and  the  posture  is  indistinguishable  as 
either  offensive  or  defensive. 

H2.  Russia ’s  cyber  capability  is  defensive  and  the  posture  is  indistinguishable  as 
either  offensive  or  defensive. 

H3.  Russia’s  cyber  capability  is  offensive  and  the  posture  is  distinguishable  as 
either  offensive  or  defensive. 

H4.  Russia ’s  cyber  capability  is  defensive  and  the  posture  is  distinguishable  as 
either  offensive  or  defensive. 

Another  outcome  of  the  research — the  failure  to  produce  substantive  analysis — is 
possible: 

H5.  The  unique  properties  of  cyberspace  preclude  meaningful  offense-defense 
theory  analysis. 

Although  this  hypothesis  would  fail  to  provide  insight  into  Russia’s  cyber  capability,  this 
failure  may  nonetheless  provide  useful  insight  about  eyber  power — if  neither  the  analysis, 
evidenee,  nor  method  are  faulty,  then  perhaps  cyber  power  introduces  unique  ehallenges 
and  factors  that  confound  existing  theoretical  understanding  of  the  security  dilemma. 

In  addition  to  altering  Jervis’s  variables  to  permit  a  state-level  analysis,  this  thesis 
also  proposes  a  different  definition  of  geography.  “Technology  and  geography,” 
according  to  Jervis,  “are  the  two  main  factors  that  determine  whether  the  offense  or  the 
defense  has  the  advantage. ”^2  Unlike  technology,  evaluating  geography  in  cyberspaee  is 
inherently  problematie — most  definitions  of  cyberspace  not  only  eonsider  it  a  manmade 
domain,  but  also  a  virtual  domain.  This  thesis  adopts  the  Department  of  Defense’s 

Jervis,  “Cooperation  Under  the  Security  Dilemma,  ”  211-4. 
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definition  of  cyberspace:  it  is  a  global  domain  within  the  information  environment  that 
consists  of  three  layers — physical,  logical,  and  cyber  persona.  ^3  Only  the  physical 
network  layer  has  a  geographic  component,  but  the  other  layers  also  have  their  own 
relational  topologies  among  and  within  other  layers  that  may  be  more  relevant  to  the 
efficacy  of  offense  and  defense  than  the  topography  of  physical  nodes  and  links  that 
enable  operations  in  cyberspace.  Future  technological  developments  in  information 
technology  will  likely  make  it  even  more  difficult  to  conceive  of  cyber  geography.  One 
such  development,  cloud  computing,  will  further  abstract  cyberspace  apart  from  physical 
geography  by  creating  a  distributed,  dynamic,  and  ubiquitous  resource  pool  for  scalable, 
on-demand  computing.  34  This  evolution  of  computing  will  increasingly  obfuscate  the 
relationship  between  the  physical,  logical,  and  persona  layers  of  cyberspace,  necessitating 
a  broad  definition. 

Because  cyber  geography  is  so  different  from  physical  geography,  one  may 
choose  to  modify  Jervis’s  theory  as  applied  to  cyberspace  by  discarding  geography  as  an 
analytic  factor,  or  it  may  be  possible  to  consider  a  metaphor  for  geography  in 
cyberspace.  33  This  thesis  adopts  the  notion  of  a  cyber  geography  that  considers  all  three 
layers  of  cyberspace  as  cyber  terrain,  with  differentiable  security  boundaries,  mobility 
factors,  attribution,  and  perishability.  Thus,  cyber  terrain  may  be  mapped  out  with 
metaphorical  mobility  corridors,  high  ground,  key  objectives,  and  barriers  at  the  tactical 
and  strategic  levels.  For  the  purpose  of  offense-defense  analysis,  however,  only  the 
strategic  view  of  cyber  terrain  is  useful.  That  is,  this  thesis’s  analysis  only  concerns  with 
attributes  of  cyberspace  within  the  jurisdiction  of  a  state  that  are  differentiable  from 
cyberspace  within  the  jurisdiction  of  other  states.  A  trivial  illustration  of  such 
differentiation  is  the  unique  Internet  Protocol  address  scheme  assigned  to  states  by  the 
Internet  Corporation  for  Assigned  Names  and  Numbers  that  maps  national  sovereignty  to 


33  Joint  Publication  3-12,  “Cyberspace  Operations,”  (Washington  D.C.:  Joint  Chiefs  of  Staff,  2013),  v, 
http://www.dtic  mil/doctrine/new_pubs/jp3_12R.pdf 

34  Peter  Mell  and  Timothy  Grance,  “NIST  Special  Publication  800-145:  The  NIST  Definition  of  Cloud 
Computing,”  National  Institute  of  Standards  and  Technology,  U.S.  Department  of  Commerce  (2011):  2-3, 
http://csrc  nist.gov/publications/nistpubs/800-145/SP800-145.pdf 

33  Huntley,  “Offense,  Defense,  and  Cyber  War,”  16-7. 
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cyber  coordinates.  A  more  sophisticated  international-level  example  of  cyber  terrain  may 
be  a  state-managed  firewall  that  regulates  Internet  traffic  exchanged  between  its  cyber 
resourees  and  other  states’  eyber  resources.  An  encryption  protocol  used  by  a  sizable 
portion  of  Internet  users  aeross  the  world  may  be  an  example  of  a  distinctive  cyber 
mobility  corridor  that  affects  international  cyber  power.  Just  based  on  these  three 
examples,  it  is  apparent  that  an  innumerable  multitude  of  teehnical  implementations  may 
shape  cyber  geography,  but  the  subjective  task  of  this  thesis  is  to  identify  cyber  terrain 
features  that  both  differentiate  the  totality  of  Russian  cyberspace  from  the  global 
cyberspace  and  influence  whether  offense  or  defense  has  the  advantage. 
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II.  RUSSIAN  CYBER  CAPABILITY 


This  chapter  seeks  to  determine  whether  Russian  cyber  capability  favors  offense 
or  defense.  Following  Robert  Jervis’  offense-defense  theory  formulation,  this  analysis 
considers  two  factors:  cyber  technology  and  cyber  geography. 

First,  this  analysis  of  cyber  technology  is  broader  than  strictly  an  evaluation  of  the 
Russian  military’s  cyber  capabilities — the  militaries  of  states  are  latecomers  to  an 
international  system  that  perhaps  resembles  the  anarchic  pre- Westphalian  dispersal  of 
power.  The  current  state  of  eyber  power,  as  Joseph  S.  Nye,  Jr.  argues,  predisposes  a 
diffusion  of  power  within  the  cyber  domain;  non-state  actors  have  very  low  barriers  for 
obtaining  and  using  offensive  weapons.  The  Russian  government,  therefore,  may  not 
strictly  monopolize  Russian  cyber  power,  but  may  rely  on  other  sources  of  domestic 
cyber  power,  exereising  varying  degrees  of  control  over  its  proxies'  methods,  objectives, 
and  actions.  The  author's  underlying  assumption  throughout  this  thesis,  therefore,  is  that 
as  long  as  cyber  power  is  exercised  in  a  manner  that  supports  the  Russian  Federation’s 
objeetives,  it  is  unimportant  whether  the  actors  are  uniformed  military,  seeurity  agents, 
mereenaries,  coerced  businesses,  or  other  proxies.  After  all,  other  states,  according  to 
offense-defense  theory  logic,  react  based  on  their  subjective,  inherently  pessimistic 
perceptions  of  these  Russian-associated  applieations  of  cyber  power.  Furthermore,  recent 
demonstrations  of  Russia’s  hybrid  warfare  military  strategy  in  Ukraine  illustrate  the  link 
between  state  and  proxy  actors,  providing  a  practical  validation  to  suspicions  of  surrogate 
actors.  Therefore,  when  considering  technology,  this  paper  takes  a  broad  view  of  the 
types  of  offensive  eyber  operations  and  the  actors  that  undertake  them  that  constitute 
Russia’s  cyber  capability. 

Second,  this  chapter  places  an  emphasis  on  analyzing  Russia’s  cyber  geography 
(as  defined  in  the  introduction);  since  cyberspace  is  a  manmade  domain  its  geography  is 
malleable.  How  Russia  shapes  its  cyber  terrain  may  as  telling  of  its  offensive  or  defensive 

Jervis,  “Cooperation  Under  the  Security  Dilemma,  ”  194. 
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capability  as  is  its  technological  capability.  Robert  Jervis  deseribes  various  manmade 
barriers  as  imitations  of  geographie  obstacles  and  this  logic  has  a  very  pronounced  effect 
in  cyberspace.  Despite  the  often-touted  ubiquity  of  the  Internet,  the  topology  of  long- 
haul  communications  links,  access  aggregation  by  Internet  service  providers,  and 
country-specifie  IP  space  alloeation  schemes  provide  states  with  a  teehnical  means  to 
oireumseribe  their  national  cyberspace.  The  People’s  Republic  of  China’s  notorious  Great 
Firewall  of  China,  for  example,  eontrols  ingress  and  egress  to  Chinese  cyberspace 
aeeording  to  both,  traffic  origin  and  destination,  and  traffie  content.  Additionally, 
various  communications  standards  within  a  segment  of  cyberspace,  such  as  encryption 
layers  or  authentication  protocols,  can  affect  user  and  data  attribution.  A  state’s  ehoiees 
in  developing  its  cyber  geography,  mueh  like  its  deeisions  to  invest  in  minefields, 
demilitarized  buffer  zones,  or  off-gauge  railroad  traeks,  affeet  its  offensive  or  defensive 
capability. 

A,  CASE  STUDIES 

Following  a  broad  definition  of  teehnological  capability,  this  section  examines  a 
variety  of  cyber  events  perpetrated  by  or  attributed  to  Russian  actors  and  argues  that 
although  seerecy,  aoeording  to  Martin  Libicki,  constrains  a  state’s  ability  to  brandish 
cyber  weapons,  these  attacks  nonetheless  suggest  a  pattern  of  state  sponsorship  and 
therefore  exemplify  Russian  cyber  eapability.^o  seetion  of  this  chapter  evaluates 

the  2007  eyber  attacks  on  Estonia,  the  eyber  campaign  that  paralleled  the  2008  Russo- 
Georgian  War,  and  the  2014  Ukraine  crisis.  Additionally,  this  case  study  analysis 
considers  the  technological  capacity  of  Russian  cyber  eriminals  and  intelligenee  services. 
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1,  2007  Estonia  Cyber  Attacks 

In  April  2007,  nationalist  tensions  between  Estonians  and  the  ethnie  Russian 
minority  in  Tallinn,  Estonia  eulminated  in  what  many  observers  and  commentators  have 
since  considered  a  historic  cyber  event.  These  nationalist  tensions  initially  centered  on  a 
World  War  II  memorial  honoring  Soviet  troops — to  Estonians  the  memorial  represented  a 
vestige  of  Soviet  occupation,  whereas  to  the  Russian  minority  it  commemorated  the 
sacrifice  and  heroism  of  the  Great  Patriotic  War.  Erustrated  with  their  perceived 
marginalization  in  Estonian  society,  local  Russians  embraced  the  statue  as  a  symbol  of 
their  plight.  Throughout  the  spring  of  2007,  the  situation  in  Tallinn  deteriorated;  displays 
of  Russian  nationalist  pride  at  the  Bronze  Soldier  memorial  escalated  into  provocations, 
hooliganism,  and  eventually  led  to  street  violence  and  riots.  Pro-Russian  cyber  attackers 
conducted  a  three-week  campaign  attacking  Estonia’s  cyber  infrastructure  concurrently 
with  the  physical  riots  in  Estonia, 

The  technical  characterization  of  the  cyber  attacks  varied  from  low  to  moderate 
levels  of  sophistication.  The  first  wave  of  attacks  used  basic  Denial  of  Service  (DoS) 
tactics  and  showed  little  coordination  and  target  selection.  NATO’s  Cooperative  Cyber 
Defense  Center  of  Excellence  synopsis  of  the  attacks  in  International  Cyber  Incidents: 
Legal  Considerations  bluntly  describes  the  initial  attacks  as  “simple,  ineptly  coordinated, 
and  easily  mitigated.”^^  jn  contrast,  the  attacks  that  followed  beginning  on  April  30  used 
more  sophisticated  Distributed  DoS  (DDoS)  tools  and  demonstrated  centralized 
command  and  control  that  effectively  shifted  among  targets  and  concentrated  attacker 
firepower.  Throughout  the  initial  DoS  and  the  later  DDoS  phase  of  the  cyber  campaign, 
pro-Russian  attackers  also  conducted  website  defacements  and  spamming,  phishing,  and 
personal  harassment  of  Estonian  victims.  ^3 

The  variety  of  cyber  attacks  resulted  in  a  corresponding  variety  of  effects.  Many 
of  the  low  sophistication  attacks  were  little  more  than  a  nuisance  to  their  targets  and  to 
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Estonia’s  Computer  Emergency  Response  Team  (CERT).^^  DDoS  attacks  on  the 
media  and  financial  organizations,  however,  resulted  in  a  disruption  of  online  financial 
services  and  strategic  communication  isolation  from  the  rest  of  the  world.  Despite 
accomplishing  these  technical  effects,  it  is  unclear  that  the  campaign  achieved  a  strategic 
objective. 

One  potential  strategic  objective  may  have  been  to  compel  the  Estonian 
government  to  reverse  its  decision  to  return  the  Bronze  Soldier  statue  to  its  previous 
place,  which  it  did  not  do.  If  the  attackers’  objective  was  instead  to  cause  economic  harm 
to  Estonia,  this  effect  is  difficult  to  measure  outright — the  losses  from  the  disruptions  had 
a  notable  effect  on  Estonia  economy,  but  no  businesses  declared  or  claimed  financial 
loses. Although  the  net  effect  of  the  attacks  may  be  difficult  to  ascertain,  the  attacks 
nonetheless  offer  an  opportunity  to  calculate  the  relative  cost  ratio  of  the  offensive  and 
defensive  actions,  in  order  to  better  determine  whether  offensive  or  defensive  weapons 
dominate.  In  his  proposed  model  for  calculating  the  offense-defense  cost  ratio  in 
cyberspace,  Patrick  Malone  estimates  that  for  every  dollar  expended  by  attackers, 
Estonian  defenders  spent  $424. This  degree  of  cost  disparity  suggests  that  cyber  attacks 
such  as  the  one  against  Estonia,  despite  dubious  strategic  effectiveness,  may  entice 
Russia  and  other  states  to  act  aggressively. 

Although  the  cyber  attacks  against  Estonia  have  not  been  attributed  to  the  Russian 
government,  circumstantially,  they  reflected  Russian  state  interests.  As  the  Bronze 
Soldier  crisis  developed  within  Estonia,  the  Russian  Eederation  signaled  its  stake  in  a 
pro-Russian  resolution  of  Estonia’s  domestic  conflict.  Prior  to  the  eruption  of  violence, 
the  Russian  foreign  ministry  expressed  Russia’s  position  by  issuing  a  protest  about  the 
Estonian  government’s  plan  to  relocate  the  Bronze  Soldier  Memorial  to  a  less  prominent 
location.  Once  physical  violence  and  cyber  attacks  commenced,  the  Russian  Eederation 
Council  advocated  freezing  diplomatic  ties  with  Estonia  and  wanted  to  impose  economic 
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sanctions.  Within  the  Russian  Federation,  poliee  failed  to  proteet  the  Estonian  embassy 
when  Russian  youth  groups  physieally  attaeked  the  eompound  and  Estonian  staff  An 
unoffieial  bloekade  disrupted  trade  on  the  Russian-Estonian  border.  Russian  involvement 
in  the  eonfliet  eventually  prompted  German  Chaneellor  Angela  Merkel  to  engage  Russian 
President  Vladimir  Putin,  diseouraging  offieial  and  unoffieial  Russian  involvement. 
This  level  of  politieal  eommitment  to  the  event  on  part  of  the  Russian  state,  as  well  as  the 
use  of  various  soft  instruments  of  power  to  eoeree  the  Estonian  government,  are 
suggestive  of  a  seenario  in  whieh  Russia  and  other  states  may  employ  non-attributable 
eyber  weapons  to  attempt  to  eoeree,  punish,  or  at  least  disorient  another  state. 

The  eyber  attaeks  against  Estonia  serve  as  a  valuable  illustration  within  the 
eontext  of  offense-defense  theory.  Onee  the  attaeks  reaehed  moderate  teehnieal 
sophistieation  and  eoordination,  they  had  a  detrimental  effeet  that  the  defenders  struggled 
to  eounter.  Perhaps  more  importantly,  the  attaeks  also  adversely  affeeted  the  Estonian 
government’s  ability  to  provide  publie  serviees,  disrupted  eivil  soeiety,  and  eomplieated 
the  government’s  response  to  the  underlying  ethnie  eonfliet.  The  attaeks  had  another 
notable  eharaeteristie;  the  disruptions  eaused  by  the  attaeks  lasted  only  as  long  as  the 
attaeks  themselves.  Elnlike  physieal  weapons,  the  eyber  weapons  used  in  this  eonfliet 
resulted  in  little  tangible  or  lasting  damage;  the  attaeks  temporarily  denied  aeeess  to 
eyber  resourees,  but  did  not  destroy  physieal  property  or  data.  Though  taotieally 
sueeessful,  the  attaeks  did  not  lead  to  a  pro-Russian  outeome;  the  Estonian  government 
did  not  reverse  its  deeision  to  move  the  Bronze  Soldier  statue  to  its  new  loeation. 
Although  these  attaeks  demonstrated  that  offense  had  the  advantage  at  a  taetieal  level, 
aggressive  aetion,  even  when  sueeessful,  resulted  in  limited  pay-off. 

The  attaeks  also  illustrated  the  importanee  of  eyber  geography.  As  an  early  and 
enthusiastie  implementer  of  online  eommeree  and  eivil  soeiety,  Estonia  was  an  inviting 
target  for  eyber  attaeks.  After  the  ineident,  Estonia’s  eyber  dependeney  beeame  a 
eautionary  example  to  the  international  eommunity  and  hastened  many  states’  efforts  to 


Mathias  Roth,  Bilateral  Disputes  between  EU Member  States  and  Russia,  CEPS  Working 
Document  (Centre  for  European  Policy  Studies,  August  2009):  13-5, 
http://www.ceps.eu/files/book/2009/09/1900.pdf 


21 


implement  seeurity  eountermeasures,  espeeially  in  eritieal  infrastrueture.  The  attaeks  also 
demonstrated  the  diseontinuity  between  physieal  and  eyber  borders;  potential  avenues  of 
attaek  in  eyberspaee  may  be  innumerable.  The  DDoS  attacks  against  Estonia  harnessed 
cyber  resources  from  across  the  globe — to  effectively  defend  against  such  attacks, 
defensive  countermeasures  needed  to  be  not  merely  a  national,  but  an  international 
endeavor.  ^9 

2,  2008  Russo-Georgian  War 

The  2008  Russo-Georgian  War  was  an  important  milestone  in  the  use  of  cyber 
power;  cyber  attacks  contributed  to,  and  in  several  instances  complemented,  Russia’s 
military  campaign  in  an  unprecedented  fashion. interstate  conflict  was  a 
continuation  of  nationalist  ambitions  of  two  Georgian  regions,  Abkhazia  and  South 
Ossetia.  After  a  brief  independence  struggle  subsequent  to  the  dissolution  of  the  USSR, 
these  regions  enjoyed  de  facto  autonomy.  Since  then,  joint  Georgian  and  Russian 
peacekeeping  forces  maintained  stability  in  South  Ossetia.  In  August  of  2008,  however, 
after  a  series  of  cross-demilitarized  zone  provocations,  the  Georgian  army  invaded  South 
Ossetia,  capturing  its  capital.  Russian  forces  that  were  regionally  prepositioned  thanks  to 
exercises  earlier  that  summer  counterattacked,  and  within  five  days  forced  a  cease-fire. 
Throughout  the  brief  military  engagement,  a  formally  unacknowledged  cyber  campaign 
showed  “Moscow’s  readiness  to  use  asymmetric,  as  well  as  conventional  means  to 
achieve  its  goals. 

The  cyber  weapons  and  tactics  employed  against  Georgia  during  the  Russo- 
Georgian  War  were  similar  to,  but  more  sophisticated  than  those  used  against  Estonia  in 
2007.  Botnet-perpetrated  distributed  denials  of  service  attacks,  along  with  targeted 
website  defacements,  comprised  the  mainstay  of  the  offensive  cyber  weapons.  Though 
the  use  of  botnets  to  conduct  DDoS  attacks  is  increasingly  a  less  sophisticated 
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endeavor — a  blaek  market  exists  for  botnets  for  hire — the  way  DDoS  attaeks  were 
eondueted  against  Georgia  showed  an  uneharaeteristie  level  of  sophistieation.  On  July  19, 
a  potential  rehearsal  attack  using  a  thereto  unknown  botnet  targeted  the  Georgian 
President’s  website — an  attack  profile  atypical  of  common  cybercrime.^^  Throughout  the 
cyber  campaign,  attackers  showed  a  high  degree  of  command  and  control;  they 
conducted  training  for  participants,  prioritized  targets,  distributed  tools,  and  de-conflicted 
and  synchronized  attacks  Unlike  in  Estonia,  however,  pro-Georgian  actors  retaliated 
with  similar,  but  lower  volume  cyber  attacks.^^  Overall,  though  the  cyber  attacks  against 
Georgia  showed  higher  sophistication  than  those  used  against  Estonia,  the  technological 
sophistication  of  the  tactics  and  tools  was  nonetheless  at  a  low  or  moderate  level. 

The  Russian  Eederation  attained  its  limited  strategic  goals  during  the  Russo- 
Georgian  War,  but  it  is  unclear  whether  cyber  attacks  effectively  contributed  to  Russia’s 
strategic  ends.  As  in  Estonia,  the  attacks  had  the  ephemeral  effect  of  disrupting  target 
government,  media,  and  financial  websites. Efforts  to  digitally  isolate  Georgia  led  some 
analysts  to  compare  the  strategic  effect  to  a  cyber  blockade,  but  in  practice  such  a 
blockade  only  affected  few — less  than  10%  of  Georgians  had  access  to  the  Internet,  much 
less  relied  on  it  for  government  services  and  strategic  communication.  Additionally, 
with  international  support,  Georgians  reacted  rapidly  to  relocate  their  effected  cyber 
resources  to  third-party  states,  overcoming  Russian  efforts  to  isolate  them.^^  hollowing 
the  war,  influential  Russian  analysts  like  Igor  Panarin  assessed  that,  despite  the  disruption 
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of  Georgian  strategic  communication  with  cyber  attacks,  Russia  lost  the  broader 
information  campaign  during  the  Russo-Georgian  War.^^ 

Although  the  2008  cyber  attacks  against  Georgia  seemingly  supported  the  Russian 
Federation’s  military  and  political  objectives,  the  Russian  government  has  not 
acknowledged  or  claimed  responsibility  for  the  attacks.  Despite  the  Georgian 
government’s  accusation  that  the  Russian  government  sponsored  the  cyber  campaign, 
analyst  consensus  maintains  that  no  positive  attacker  linkage  to  the  Russian  government 
can  be  made,  but  “the  historical  record  shows  clear  support  of  the  Russian  government 
and  implied  consent  in  its  refusal  to  intervene  or  stop  the  hacker  attacks. Similar  to  the 
Estonia  case,  although  the  cyber  attacks  seemingly  aligned  with  state  interests,  if  the 
Russian  state  sponsored  the  attacks,  it  did  so  clandestinely. 

Just  like  the  distributed  denial  of  services  attacks  against  Estonia,  the  DDoS 
attacks  against  Georgia  overwhelmed  the  targets’  defensive  capacity  and  the  Georgian 
cyber  security  experts’  technical  ability  to  mitigate  the  attacks.  At  the  tactical  level,  when 
employed  as  a  first  strike,  the  technology  appeared  to  favor  the  offense.  After  the  initial 
shock  of  the  attacks  dissipated,  Georgians  found  that  the  simpler  online  services — 
government  websites,  but  not  electronic  banking  centers — could  be  easily  re-provisioned 
on  more  robust  third  party  servers.  Although  the  attacks  against  Georgia  demonstrated 
that  offensive  use  of  DDoS  cyber  weapons  dominated  defensive  countermeasures,  the 
attacks  also  revealed  their  limited  value:  defenders’  resilience  showed  that  attackers  can 
expect  disruption  and  denial  effects  of  cyber-attacks  to  have  a  limited  duration. 

Unlike  Estonian  cyber  infrastructure,  Georgia’s  Internet  presence  and  reliance  on 
online  services  at  the  time  of  the  Russo-Georgian  War  was  very  limited.  Importantly,  this 
limited  domestic  infrastructure  connected  to  the  Internet  via  either  Russian  or  Turkish 
Internet  service  providers.^*’  This  limited  path  diversity  further  skewed  the  offense- 
defense  balance  in  favor  of  the  attackers  who  were  accused  of  using  this  path  bottleneck 
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to  manipulate  Georgian  Internet  traffic,  enabling  a  cyber  blockade  not  only  logically 
through  DDoS,  but  also  by  logically  restricting  or  redirecting  the  physical  flow  of  data. 
Although  Georgian  defenders  found  themselves  overwhelmed  by  the  offensive  cyber 
weapons,  they  showed  defensive  resilience  by  exploiting  a  defining  property  of 
cyberspace,  its  manmade  nature.  Once  pro-Russian  hackers  disabled  Georgia’s 
government  sites,  Georgians  simply  restored  those  sites  on  more  defensible  third-party 
cyber  terrain. 

Despite  the  offensive  dominance  of  the  cyber  weapons  employed  during  the 
conflicts,  defenders  also  demonstrated  that  maneuver  and  resilience  in  cyberspace  might 
be  a  more  effective  countermeasure  than  the  direct  defensive  methods  attempted  a  year 
earlier  by  Estonia’s  CERT.  This  observation  does  not  imply  that  defense  ultimately 
dominates  offense  in  cyberspace,  but  instead  that  offensive  cyber  operations  have 
ephemeral  effects — they  do  not  take  and  hold  ground.  The  lesson  for  strategists, 
therefore,  may  be  that  cyber  attacks  produce  a  narrow  effect  window  and  require  precise 
timing;  if  used  indiscriminately,  cyber  attacks  lose  their  value  as  defenders  will  likely 
mitigate  the  attack  vector  and  reconstitute  their  services  in  a  more  defensible 
configuration.  Alternately,  low  sophistication  cyber  attacks  may  simply  be  used  to  disrupt 
the  adversary’s  military  decision  making  process  by  adding  another  line  of  operations 
that  defenders  must  react  to.  Eive  and  a  half  years  after  the  Russo-Georgian  conflict, 
some  of  these  lessons  about  effective  application  of  cyber  power  appeared  in  the  2014 
Russian-Ukrainian  Conflict. 

3.  2014  Russian-Ukrainian  Conflict 

The  conflict  between  Russia  and  Ukraine  that  began  in  earnest  after  former 
Ukrainian  President  Viktor  Yanukovich  fled  from  office  in  Eebruary  2014  has  been 
considered  by  many  observers  as  typifying  Russia’s  recently  articulated  hybrid  warfare 
concept.  Hybrid,  or  non-linear  war,  relies  on  operations  across  the  full  spectrum  of 
instruments  of  power  applied  by  regular  and  irregular  forces,  and  cyber  and  information 
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operations  are  an  integral  element  of  this  multifaeeted  strategy.  The  Ukrainian  eonfliet 
may  be  seen  as  the  most  contemporary  refinement  of  the  cyber  power  lessons  from  the 
Estonian  and  Georgian  conflicts:  offensive  cyber  operations  conducted  by  Russian 
surrogates  have  undermined  Ukrainian  state  legitimacy,  embarrassed  NATO  allies,  and 
intimidated  opposition  forces. 

A  wide  variety  of  cyber  operations  have  been  conducted  throughout  the  Russian- 
Ukrainian  conflict,  demonstrating  a  high  degree  of  operational  and  tactical  flexibility  at 
the  low,  moderate,  and  high  levels  of  technological  sophistication.  The  pro-Russian, 
Ukrainian-based  CyberBerkut  hacker  group  claims  many  such  accomplishments:  the 
disruption  of  German  government  websites,  intercept  of  U.S.  -Ukrainian  military 
cooperation  documents,  interference  in  the  Ukrainian  elections,  DDoS  attacks  against 
NATO  websites,  blocking  of  Ukrainian  government  and  media  websites,  and  various 
negative  messaging  campaigns  slandering  pro-Ukrainian  targets. ^2  Other  pro-Russian 
cyber  actors  leaked  embarrassing  telephone  call  transcripts,  physically  disrupted 
telecommunications  infrastructure,  blocked  mobile  phone  communications  of  political 
leaders,  and  exfiltrated  sensitive  data  from  Ukrainian  government  computers.  Despite 
this  variety  of  attack  types,  security  experts  speculate  that  the  full  arsenal  of  Russian 
cyber  capability  was  not  demonstrated,  and  that  attack  sophistication  remained 
proportional  to  Russia’s  limited  political  objectives  and  concurrent  military  operations. 

The  net  effect  of  the  cyber  campaign  appears  to  have  positively  contributed  to  the 
Russian  strategy  in  Ukraine.  The  Russian  formulation  of  hybrid  war,  according  to  the 
unofficial  Gerasimov  doctrine,  relies  on  the  information  space — the  Russian 
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terminological  analogue  to  cyberspace — for  “reducing  the  fighting  potential  of  the 
enemy... influencing  state  structures  and  the  population.”^^  por  example,  efforts  to 
influence  Ukrainian  parliamentary  elections  with  DDoS  attacks  and  a  successful  hack  of 
Ukraine’s  Central  Election  Commission  network  prior  to  the  Presidential  election  did  not 
lead  to  a  pro-Russian  outcome,  but  likely  undermined  electoral  legitimacy  as  perceived 
by  Ukrainians  and  Russians.^®  Similarly,  the  intrusion  into  Ukraine’s  telecommunication 
system  and  release  of  U.S.  Assistant  Secretary  of  State  Victoria  Nuland’s  controversial 
telephone  conversation  with  the  U.S.  Ambassador  to  Ukraine,  Geoffrey  Pyatt,  created 
diplomatic  embarrassment  for  the  United  States  and  possibly  served  to  intimidate 
Ukraine’s  other  international  supporters.  Unlike  such  targeted,  sophisticated  cyber 
attacks,  lower  sophistication  attacks  like  DDoS  and  site  defacements,  seem  to  have  had 
little  effect  and  instead  led  to  retaliatory  DDoS  and  defacement  strikes  by  pro-Ukrainian 
actors. Through  early  2015,  Russia  appears  to  have  succeeded  in  its  objectives  in 
Crimea,  and  the  cyber  campaign  contributed  to  this  achievement,  establishing  Russian 
information  dominance  that  limited  Ukrainian  command  and  control  and  facilitated  pro- 
Russian  messaging. 

During  the  Estonia  and  Georgia  cyber  conflicts,  direct  attribution  of  pro-Russian 
cyber  attacks  to  the  Russian  state  proved  impossible,  and  this  aspect  of  cyber  warfare  was 
also  true  of  the  Ukrainian  conflict.  As  before.  Kremlin  has  denied  involvement  or 
sponsorship  of  the  cyber  attackers  despite  the  obvious  alignment  with  state  interests. 
Additionally,  Russians’  reliance  on  irregular  and  covert  ground  troops  during  the  conflict 
in  order  to  establish  plausible  deniability  and  thwart  retaliation  mirrors  the  attribution 
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difficulty  in  cyberspace.  According  to  both  its  doctrine  and  actual  force  employment, 
Russian  military  capability  should  be  understood  as  intentionally  obfuseating  the  military 
means  used  to  achieve  political  ends.  Because  during  the  Ukraine  conflict  Russia 
demonstrated  that  it  sought  to  benefit  from  attribution  uncertainty  throughout  the 
spectrum  of  its  instruments  of  power,  by  relying  on  covert  and  perhaps  perfidious  tactics 
Russia  will  likely  eause  other  states  to  view  potential  pro-Russian  actions  with  greater 
suspieion.  Russian  plausible  deniability  has  lost  eredibility,  and,  therefore,  despite 
diffieulty  in  positive  attribution,  future  eyber  attacks  matching  pro-Russian  attack  profiles 
may  beeome  de  faeto  attributed  to  Russia. 

The  reporting  of  cyber  operations  during  the  ongoing  Ukrainian  conflict  has  been 
a  narrative  of  suceessful  offensive  cyber  operations.  In  Mareh  2014,  prior  to  the 
annexation  of  Crimea,  security  experts  from  FireEye  predicted  that  Russian  cyber 
strategy  will  be  more  subtle  and  sophisticated  than  the  Russian-affiliated  previous  attaeks 
against  Estonia  and  Georgia,  and  that  “Moseow  is  more  likely  to  use  narrowly  focused, 
limited  operations  in  support  of  strategie  state  objeetives.”^^  Though  this  predietion 
insightfully  anticipated  the  use  of  more  sophistieated  attacks  types,  they  may  have 
overestimated  the  Russian  government’s  ability  to  eontrol  its  proxies;  CyberBerkut,  for 
example,  has  relied  on  seemingly  senseless  DDoS  attacks  against  non-strategic  targets. 
As  the  result,  the  use  of  low  sophistieation  DDoS  and  defacements  precipitated  a  pro- 
Ukrainian  response  in  kind.^9  jn  contrast,  sophisticated  attacks  against  Ukrainian  targets, 
sueh  as  a  Snake/Uroboros  malware  exploits  of  government  computers  and  jamming  of 
Ukrainian  parliamentarians’  cell  phones,  appear  to  have  succeeded  without  triggering 
analogous  retaliation.  Unfortunately,  thus  far,  little  has  been  reported  about  failed  cyber 
attacks  by  each  side,  so  it  is  difficult  to  identify  instances  in  which  defenders  triumphed. 
As  in  previous  cyber  confiiets,  the  eonflict  in  Ukraine  demonstrated  the  dominance  of 
offensive  eyber  weapons,  but  it  has  also  shown  a  vulnerability  to  retaliation  once  widely 
available  cyber  weapons  are  launched.  If  the  Russian  government  intentionally  refrained 
from  cyber  escalation,  as  predicted  by  EireEye  security  experts,  this  may  imply  a  Russian 
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perception  that  cyber  weapons  may  provide  a  punitive  deterrent.  Such  perceptions  may 
contribute  to  explaining  Russian  investments  in  hardening  its  cyber  terrain  and  passing 
reforms  that  limit  diffusion  of  cyber  power  to  Russian  non-state  actors  over  whom  the 
state  may  not  exercise  sufficient  control. 

Lastly,  according  to  the  Freedom  House  assessment  of  Internet  Freedom  Status, 
though  Internet  use  in  Ukraine  was  not  universal,  and  despite  some  efforts  by  the 
government  to  restrict  Internet  access,  Ukrainians  enjoyed  a  robust  and  open  Internet 
prior  to  the  conflict. Unlike  Georgians,  who  could  only  access  the  Internet  by  traversing 
Russian  and  Turkish  infrastructure,  Ukraine’s  ISPs  were  decentralized  and  had  both 
terrestrial  and  satellite  path  diversity  to  the  rest  of  the  world. ^2  relative  openness  of 
Ukraine’s  cyberspace  likely  encouraged  the  continuous,  broad  range  of  cyber  attacks 
within  the  country,  including  attacks  by  pro-Russian  groups  like  CyberBerkut  that  claim 
to  operate  from  within  Ukraine.  Unlike  in  Georgia  in  2008,  no  attempts  to  isolate  Ukraine 
in  cyberspace  have  been  reported.  Instead,  pro-Russian  forces  targeted  key  cyber  terrain, 
such  as  the  election  system  and  the  Crimean  telecom  infrastructure,  at  operationally 
decisive  points.  Most  notably,  as  the  Crimean  invasion  culminated,  Russian  Special 
Forces  and  Russian  Military  Intelligence  contributed  to  the  cyber  campaign  with  physical 
operations  designed  to  produce  cyber  effects;  they  installed  data  intercept  devices  and 
physically  isolated  Crimean  Internet  and  telecommunications  infrastructure, 
demonstrating  the  synergistic  potential  of  operations  synchronize  among  the  cyber  and 
other  warfighting  domains. ^3  To  date,  the  cyber  campaigns  against  Ukraine  demonstrated 
the  vulnerability  of  an  open  national  cyberspace  and  the  value  of  cyber  operations 
synchronized  with  ground  objectives. 


[Evidence  of  these  developments,  such  as  investments  such  as  content  filtering  systems  and  anti¬ 
cybercrime  law  enforcement  efforts,  is  addressed  at  greater  length  in  subsequent  sections  and  in  Chapter  3.] 
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4,  Other  Sources  of  Cyber  Capability 

The  cyber  attacks  against  Estonia,  Georgia,  and  Ukraine,  assumed  by  the  author 
to  have  been  applications  of  Russian  cyber  power  to  achieve  state  interests,  serve  as 
examples  of  capability  brandished  by  Russia.  In  addition  to  these  overt  cases,  insight  into 
Russian  cyber  capability  can  be  gained  from  considering  the  capability  of  Russian  cyber 
criminals  and  by  making  reasonable  estimates  about  the  capabilities  of  Russian 
intelligence  services. 

a.  Cyber  crime 

After  the  2008  Russo-Georgian  Cyber  War,  security  analysts  concluded  that  the 
botnets  used  in  the  attack  mimicked,  or  more  likely,  belonged  to  the  Russian  Business 
Network  (RBN),  a  cybercriminal  organization  that  gained  notoriety  in  2007  and  2008.^4 
During  the  conflict,  the  RBN  also  likely  performed  hacks  against  Georgia’s  routing 
infrastructure  in  an  effort  to  complement  the  attempted  cyber  blockade.  Additionally, 
RBN  hosted  the  Internet  forums  that  were  so  essential  to  the  command  and  control  of  the 
cyber  attacks,  providing  a  so-called  bulletproof  hosting  that  gave  attacker  anonymity 
from  security  investigators  and  CERT  responders. Although  it  is  unclear  under  what 
conditions  RBN’s  resources  were  mobilized  against  Georgia,  their  resources  played  a  key 
role  in  the  cyber  portion  of  the  conflict. 

Since  2008,  the  Russian  Business  Network  faded  from  prominence,  but  Russia 
remains  a  hotspot  of  cybercrime.  Cybercrime  is  a  term  that  encompasses  a  broad  range  of 
illegal  activities  such  as  media  piracy,  child  pornography  distribution,  and  identity  theft. 
Certain  types  of  cybercrime  tools  and  tactics  can  also  double  as  offensive  cyber 
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operations.  Botnets  for  rent,  for  example,  ean  be  used  for  eondueting  DDoS  attaeks,  and 
malware  droppers  might  also  be  used  to  gain  remote  aeeess  to  a  system  in  order  to  deliver 
a  malicious  payload  or  induce  destructive  system  behavior.  According  to  a  Trend  Micro 
analysis  of  the  Russian  cybercrime  economy,  today’s  Russian  cyber  criminals  specialize 
in  for-purchase  traffic  direction  systems  (TDS) — tools  that  steer  legitimate  Internet  traffic 
toward  sites  that  conduct  specific  follow-on  attacks. 97  Though  TDS  is  their  current 
specialty,  Russian  cybercriminals  also  develop  and  sell  other  services  that  can  be  used  for 
conducting  a  cyber  attack:  malware,  exploit  kits,  bulletproof  hosting,  anonymizer 
services,  hacking  services,  and  DDoS  attacks-by-the-hour.98 

Although  other  countries,  including  the  United  States,  also  suffer  from 
cybercrime,  the  Russian  government  stands  out  as  a  potential  consumer  of  its 
cybercriminal  underground.  As  the  Georgian  conflict  illustrated,  pro-Russian  non-state 
actors  like  the  Nashi  Youth  organization  likely  served  as  proxies  who  either  purchased  or 
coopted  criminal-developed  cyber  weapons.  99  The  Russian  government  has  been 
criticized  for  its  semi-permissive  approach  toward  cybercrime,  and  this  lax  stance  may 
reflect  a  deliberate  intent  to  cultivate  “an  ecosystem  of  cybercrime”  that  may  be 
mobilized  to  serve  state  interests  during  conflicts,  avoiding  direct  attribution  to  the 
state. 

b.  State  Capabilities 

Analysis  of  Russian  cyber  capability  often  alludes  to  presumed  advanced 
technology  and  tradecraft  of  the  Federal  Security  Services,  Foreign  Intelligence  Service, 
and  the  Main  Intelligence  Directorate  of  the  General  Staff  of  the  Armed  Forces.  Because 
these  organizations  operate  with  a  high  degree  of  secrecy,  very  little  information  on  their 


97  Max  Goncharov,  Russian  Underground  Revisited,  CyberCriminal  Underground  Economy  Series 
(Trend  Micro,  2014):  4,  7-8,  http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white- 
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98  Ibid.,  16-8. 
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capability  is  available,  and  capability  analysis  requires  assumptions  about  capabilities 
that  these  organizations  can  be  reasonably  expected  to  possess. 

Unlike  the  highly  publicized,  persistent  cyber  espionage  against  America  by 
Chinese  state  actors,  Russian  intelligence  agencies  have  maintained  a  stealthy  cyber 
profile.  When  describing  the  cyber  threat  to  the  nation,  U.S.  officials  often  refer  to  Russia 
as  a  potentially  highly  sophisticated  cyber  adversary  capable,  according  to  Director  of 
National  Intelligence  James  Clapper,  of  carrying  out  attacks  against  critical 
infrastructure.  Little  evidence  of  this  capability  exists  in  the  public  record.  For 
example,  a  serious  cyber  security  breach  of  Department  of  Defense  networks  in  2008  by 
Agent.BTZ  malware  was  only  loosely  linked  to  Russia  intelligence  services.  1^2  to 
the  difficulty  in  attributing  cyber  attacks  and  because  Russia’s  intelligence  services  are 
highly  adept  at  maintaining  secrecy,  their  cyber  capabilities  are  assumed  to  be  highly 
sophisticated  as  a  reflection  of  those  intelligence  services’  overall  reputations. 
Fortunately,  some  evidence  of  this  high-level  capability  has  been  detected  in  the  recent 
years,  allowing  for  more  reliable  capability  estimates. 

In  2014,  security  experts  at  FireEye  published  a  special  report,  “APT28:  A 
Window  into  Russia’s  Cyber  Espionage  Operations?”  detailing  what  they  argue  is  a  state- 
sponsored  advanced  persistent  threat  that  Russia  has  used  in  various  forms  to  collect 
foreign  intelligence  over  the  last  seven  years.  1*^3  set  of  cyber  operations,  labeled 
APT28,  has  exploited  Georgian,  Eastern  European  government,  NATO,  and  OSCE 
targets  for  defense-related  information.  The  tools  used  by  APT28  have  evolved  since 
2007,  showing  a  development  commitment  that  EireEye  believes  implies  Russian 

James  R.  Clapper,  “Remarks  as  Delivered  by  DNI  James  R.  Clapper  on  ‘National  Intelligence, 
North  Korea,  and  the  National  Cyber  Discussion’  at  the  International  Conference  on  Cyber  Security” 
presented  at  the  International  Conference  on  Cyber  Security,  Fordham  University,  January  8,  2015, 
http://www.dni.gOv/index.php/newsroom/speeches-and-interviews/208-speeches-interviews-2015/1156- 
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government  sponsorship,  jf  the  report’s  conclusions  are  correct,  it  illuminates  Russia’s 
ability  not  only  to  disrupt  cyber  systems,  but  also  to  gain  access  to  secure  systems, 
enabling  a  range  of  hostile  cyber  operations:  intelligence  collection,  data  manipulation, 
and  remote  system  control.  Due  to  the  inherent  perishability  of  high-end  cyber  payloads, 
unless  they  are  used  in  a  conflict  that  rises  to  jus  ad  helium  conditions,  such  payloads  will 
likely  remain  merely  hypothesized,  but  highly  sophisticated  delivery  systems  like  those 
used  by  ATP28  may  serve  as  a  payload  capability  indicator.  Because  U.S.  officials 
consistently  categorize  Russian  intelligence  services’  cyber  capabilities  as  on  par  with 
other  leading  states,  and  because  the  ability  of  the  Russian  state  actors  to  gain  access  to 
secure  foreign  networks  has  been  demonstrated,  strategic  analysis  should  assume  that  the 
Russian  military  and  intelligence  services  possess  highly  sophisticated  offensive  cyber 
weapons. 

B,  CYBER  GEOGRAPHY 

The  geography  of  cyberspace  is  an  important  factor  for  gauging  a  state’s  cyber 
capability.  States’  Internet  topologies,  infrastructure  resources,  and  control  over  the 
salient  features  of  their  cyberspace  vary  greatly.  These  geographic  differences  likewise 
differentiate  their  utility  for  offensive  and  defensive.  Martin  Libicki  argues  that  the 
defensive  operations  in  cyberspace  are  in  effect  actions  that  “change  the  particular 
features  of  one’s  own  portion  of  cyberspace  itself  so  that  it  is  less  tolerant  of  attack.”  1^5 
The  extent  to  which  a  state  may  have  the  technical  means  to  modify  this  terrain  may 
therefore  translate  to  its  defensive  capacity.  The  following  section  will  consider  Russia’s 
cyber  geography  according  to  two  categories:  the  key  features  of  Russian  cyberspace  and 
the  Russian  government’s  technological  ability  to  manipulate  its  cyberspace. 


104  APT28,  19. 
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1,  Cyber  Terrain  Features 

Among  U.S.  officials  and  security  analysts,  it  is  canon  that  national  cyber  seeurity 
relies  on  a  partnership  between  the  government  and  the  private  sector;  it  is  the  private 
sector  that  owns  and  operates  the  vast  majority  of  American  critical  infrastructure  and  is 
exposed  to  the  preponderance  of  cyber  attacks,  Although  the  nature  of  the 

government-private  relationship  in  Putin’s  Russia  is  a  mixture  of  state  and  erony 
eapitalism,  Russian  industry  likewise  plays  an  important  role  in  Russian  eyber  security. 
The  key  features  of  Russian  cyber  terrain  are  its  telecommunications  infrastructure, 
hardware  supply  chain,  and  information  security  technology  sector. 

The  backbone  of  the  Internet  is  the  teleeommunieation  sector — the  organizations 
that  provide  broadband,  cellular,  and  satellite  transport  for  data.  Russia’s  broadband  and 
mobile  eommunications  seetors  are  highly  consolidated;  just  six  eompanies  dominate 
77.1%  of  the  broadband  market,  while  92%  of  the  mobile  market  is  controlled  by  four 
operators.!*’^  Although  most  of  these  companies  are  privately  owned,  the  largest  operator 
that  eontrols  one  third  of  all  Russian  broadband  aeeess,  Rostelecom,  is  state-owned.  1^8 
Importantly,  these  companies  operate,  if  not  in  eollusion  with,  then  under  the  eoereion  of 
the  Russian  government  through  its  onerous  teleeommunieation  regulations. 
Additionally,  because  some  of  these  companies  also  operate  abroad,  those  countries 
effectively  rely  on  Russian  cyber  terrain  to  access  their  own  eyber  resources.  1^9 

Although  the  Russian  government  exereises  some  control  over  the 
teleeommunieations  infrastructure  operators,  the  physieal  infrastructure  of  Russia’s 
eyberspace,  the  hardware  and  software  eomponents  that  transmit,  proeess,  and  store  data, 
is  almost  exelusively  of  foreign  design  and  manufaeture.  In  an  interview  with  Radio  Eeho 
Moscow,  Major-General  Igor  Sheremet,  the  Chairman  of  the  Russian  Federation’s 

James  P.  Farwell,  “Industry's  Vital  Role  in  National  Cyber  Security,”  Strategic  Studies  Quarterly, 
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General  Staffs  Military-Seienee  Committee,  aeknowledged  that  Russia  relies  on  Ciseo 
routers  and  other  foreign  teehnology  for  its  eyber  infrastrueturefio  He  argues,  however, 
that  the  Russian  government  minimizes  this  risk  through  a  rigorous  eomponent 
eertifieation  program,  and  through  state  projeets  to  ereate  domestieally-manufaetured 
eleetronie  eomponents  for  military  and  other  eritieal  uses.  Although  he  aeknowledges  that 
it  is  unrealistie  to  expeet  Russian  teehnology  eompanies  to  outeompete  foreign 
manufacturers  in  the  domestic  market,  Sheremet  claims  that  Russia  already  has  the 
domestic  capacity  to  supply  30%  of  its  military  requirements,  and  expects  this  number  to 
grow  to  95%  by  2020. 1 1 1 

In  a  2014  article  that  he  authored,  Major-General  Sheremet  further  asserts  that 
Russia’s  technological  dependence  is  only  temporary.  According  to  him,  the  Russian 
government  is  making  a  serious  academic  investment  to  leapfrog  current  technology 
leaders  by  investing  in  quantum  and  optical  computing.  112  While  such  technological 
leaps  may  be  more  hopeful  than  practical,  the  Russian  government  has  taken  concrete 
steps  to  stimulate  domestic  technology  development.  The  most  prominent  initiative,  the 
Skolkovo  Innovation  Center,  aspires  to  create  a  Russian  Silicon  Valley.  Despite 
continued  financial  commitment  from  the  Russian  government,  this  project  faces  an 
uncertain  future,  however.  Early  international  enthusiasm  and  support  for  Skolkovo  has 
declined  due  to  Ukraine  conflict-related  economic  sanctions,  while  corruption-ridden 
construction  projects  missed  deadlines  and  exceeded  cost  estimates,  whether  this 
attempt  to  grow  Russia’s  own  technology  base  succeeds  increasingly  seems  unlikely. 


1 10  Sergei  Buntman,  Aleksandr  Kurennoy,  and  Anatoliy  Ermolin,  “Informatsionnaya  i 
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2,  2013),  http://echo.msk.m/programs/arsenal/1208183-echo/. 
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The  highlight  of  the  Russian  information  security  technology  sector  is  the 
privately  owned  security  company  Kaspersky  Lab.  This  cyber  security  company  named 
after  its  cofounder,  Eugene  Kaspersky,  has  continued  to  play  a  leading  role  in 
international  cyber  security,  rivaling  its  competitors:  McAfee,  Norton,  and  Symantec. 
According  to  its  website,  Kaspersky  Lab  products  protect  over  400  million  users 
worldwide,  and  the  company  has  established  a  renowned  reputation  by  being  the  first  to 
identify  and  analyze  Stuxnet,  as  well  as  its  derivative  variants.  The  company’s  security 
analysis  extends  beyond  conventional  cyber  threats;  according  to  Kaspersky,  his 
company’s  research  and  developments  also  includes  secure  operating  systems  to  defend 
SCADA-reliant  critical  infrastructure — a  vital  area  of  cyber  security, 

In  addition  to  the  Kaspersky  Lab’s  impressive  technical  prowess,  the  company 
has  an  intriguing  relationship  with  the  Russian  state.  Although  in  an  interview  with  the 
Russian  newspaper,  “Kommersant,”  Kaspersky  casually  laughs  off  the  interviewer’s 
suggestion  that  he  coordinates  with  the  Putin  administration,  the  company’s  relationship 
with  the  Russian  state  is  potentially  suspect.  Eugene  Kaspersky  began  his  education  at 
a  KGB-backed  science  academy  and  applied  this  training  as  a  Soviet  army  intelligence 
officer.  118  A  decade  later,  after  the  collapse  of  the  U.S.S.R.,  he  started  Kaspersky  Lab. 
According  to  Wired  Magazine’s  profile  of  Kaspersky  labs,  although  the  ESB  does  not 
tamper  with  Kaspersky  Lab  software,  the  company  and  the  state  security  agency  maintain 
a  close  working  relationship,  Russia’s  Loreign  Ministry  likewise  relies  on  Kaspersky 
Lab  services,  while  Kaspersky  often  echoes  the  Russian  government’s  cyber  rhetoric  at 
international  forums,  i^o  The  extent  of  this  relationship  is  a  matter  of  speculation,  but 

11^  “About  Kaspersky  Lab,”  Kaspersky  Lab,  accessed  January  19,  2014, 
http://www.kaspersky.com/about. 

116  “Yesli  Budut  ‘Valit’”  Region,  Gorod  Hi  Stranu  Tselikom  —  Do  Svidan’ya  [If  They  Attack  a 
Region,  City,  or  the  Whole  Country  -  Goodbye],”  Kommersant,  March  28,  2013, 
http://www.kommersant.ru/doc/2155845. 

117  Ibid. 

118  Noah  Shachtman,  “Russia’s  Top  Cyber  Sleuth  Foils  US  Spies,  Helps  Kremlin  Pals,”  Wired 
Magazine,  July  23,  2012,  http://www.wired.com/2012/07/ff_kaspersky/. 

119  Ibid. 

120  Oleg  Demidov  and  Maxim  Simonenko,  “Flame  in  Cyberspace,”  Security  Index:  A  Russian  Journal 
on  International  Security  19,  no.  1  (February  2013):  71-2.  doi:10. 1080/19934270. 2013. 757131. 


36 


Kaspersky  Lab’s  technology  prominence  is  not.  The  company  is  a  key  actor  in 
international  cyber  security,  and  it  is  cloud-based  threat  network  may  also  double  as  a 
powerful  sensor  and  defensive  mechanism  that  operates  from  within  Russian  cyberspace. 

2,  Cyberspace  Control 

The  Russian  government’s  position  on  the  role  of  the  Internet  in  society  has 
varied  over  the  past  decade.  According  to  the  Freedom  House  report,  “Freedom  on  the 
Net  2014:  Russia,”  61%  of  Russia’s  population  had  access  to  the  Internet  in  2013.121 
Though  this  Internet  penetration  rate  lags  behind  France’s  82%,  United  States’  84%,  and 
United  Kingdom’s  90%  Internet  penetration  rate  for  2013,  it  nonetheless  represents  a 
sizable  segment  of  the  worlds’  Internet  users.  122  Aforementioned  cyber  capability  case 
studies  demonstrated  the  Russian  state’s  reliance  on  its  patriotic  Internet  users,  hackers, 
and  cyber  criminals  as  a  militia  to  be  mobilized  in  support  of  state  interests.  While  the 
hacktivists  enjoyed  a  semi-permissive  Internet  environment  at  the  time  of  the  Estonia  and 
Georgia  cyber  attacks,  the  rest  of  Russia’s  population  enjoyed  a  liberal  Internet 
experience.  This  attitude  of  the  Russian  government’s  toward  Russia’s  own  Internet  users 
has  been  changing  since  2012,  however.  During  the  2011  parliamentary  election, 
opposition  groups  rallied  on  Internet  social  media  sites  to  protest  the  Putin  regime.  123 
Since  then,  the  Russian  government  has  made  changes  to  Russian  Internet  architecture 
and  domestic  policy.  Freedom  House  calculates  that  these  changes  were  the  most  severe 
decline  of  Internet  freedom  of  any  state  in  2013.^24  This  curtailment  of  Russians’  Internet 
freedom  has  resulted  in  an  improved  defensiveness  of  Russia’s  cyber  terrain,  and 
coincidentally  also  made  attacking  from  Russia’s  cyberspace  more  difficult. 

Russia’s  battle  against  the  Tor  network  technology  epitomized  these  technological 
changes.  In  July  of  2014,  Russian  President  Vladimir  Putin  made  headlines  when  the 
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Russian  Interior  Ministry  offered  a  3.9  million-ruble  bounty  for  a  technical  solution  for 
identifying  Tor  (The  Onion  Router)  users.  125  xhis  solicitation  was  just  Russia’s  latest 
effort  at  curbing  Tor  use;  the  Russian  government  had  previously  considered  legislation 
to  ban  the  technology  and  related  software  products.  126  xhe  government’s  rationale  for 
targeting  Tor  and  its  users  is  to  curb  certain  types  of  cybercrime — Tor  is  the  premier 
technology  for  masking  online  identity.  For  the  same  reason,  it  has  also  become  the  tool 
of  choice  for  critics  of  the  Putin  regime,  who  use  the  network  to  circumvent  Russia’s 
other  increasingly  draconian  Internet  censorship  measures.  127  Though  the  Russian 
government  has  yet  to  succeed  in  developing  a  Tor  countermeasure,  when  it  does,  it  will 
be  capable  not  only  of  thwarting  child  pornographers  and  political  dissidents,  but  it  will 
also  improve  its  defense  against  many  variants  of  cyber  attacks.  Because  Tor  functions  as 
an  anonymous  network  overlaid  on  top  of  existing  networks,  it  is  commonly  used  as  an 
unattributable  mechanism  for  attacks  command  and  control  and  for  establishing  a  secure 
pathway  for  cyber  attacks.  128  If  successful,  Russia’s  efforts  to  prevent  Tor  use  will  strip  a 
layer  of  non-attribution  from  cyber  attacks.  Unlike  its  permissive  attitude  toward 
cybercrime  at  the  time  of  the  Russo-Georgian  War,  more  recently,  the  Russian 
government  appears  willing  to  sacrifice  the  offensive  capability  of  its  criminal  proxies  in 
favor  of  improved  defensiveness. 

Restrictions  on  Tor  use  would  deny  users  secure  and  anonymous  access  to  online 
resources,  but  the  Russian  government  has  also  attempted  to  limit  anonymity  through  less 
sophisticated  measures.  User  attribution  begins  with  access  to  the  Internet  Service 
Provider  (ISP).  According  to  TNS  Russia,  a  research  firm  cited  by  Freedom  House,  half 
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of  Russia’s  Internet  users  aeeess  the  web  via  their  mobile  deviees.i29  xhis  mobile  aeeess 
is  traeked  to  individuals  through  SIM  eards;  which  in  Russia  must  be  registered  to  a 
person’s  passport.  The  same  passport-based  registration  also  applies  to  terrestrial,  paid 
Internet  service,  a  law  passed  in  August  2014  further  restricts  Internet  access  by 
likewise  requiring  passport  information  to  connect  to  state-funded  public,  and  possibly,  to 
commercially-provided  public  Wi-Fi  Internet  access  points.  The  sum  effect  of  these 
rules  is  that  within  Russian  cyberspace,  one’s  cyber  persona  is  strongly  attributed  to  the 
physical  persona  upon  connecting  to  the  Internet. 

In  addition  to  restricting  anonymous  access  and  anonymous  transport,  Russian 
authorities  have  attempted  to  limit  anonymous  content.  A  law  passed  in  May  of  2014  has 
established  a  standard  for  content  attribution;  blogging  sites  that  attract  a  daily  audience 
of  more  than  3,000  visitors  must  register  with  the  Federal  Service  for  Supervision  of 
Communications,  Information  Technology  and  Mass  Media,  or  Roskomnadzor.  This  law 
requires  bloggers  meeting  this  threshold  to  provide  personally  identifiable  information 
and  assume  financial  liability  for  the  accuracy  of  the  contents  on  their  blogs.  132  Xo 
support  the  technical  ability  of  the  state  to  enforce  this  policy,  the  Russian  government 
also  introduced  law  that  mandates  data  localization.  By  2016,  companies  that  collect  and 
store  data  belonging  to  Russian  citizens  will  be  required  to  physically  store  that  data  on 
Russian  territory.  133  When  implemented,  this  requirement  will  enable  easier  data 
intercept,  data  retrieval,  and  possibly  data  protection  by  moving  Russian  citizens’  data 
within  the  state’s  legal  and  physical  jurisdiction. 
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Along  with  the  changes  to  Russian  cyberspace  to  restrict  anonymity,  the  Russian 
government  has  also  implemented  technology  that  restricts — ^based  on  content — 
information  flow  within  Russian  cyberspace.  Beginning  with  Putin’s  election  to  the 
presidency  in  2012,  his  government  has  passed  legislation  has  enables  the  Russian 
government  to  filter  website  content.  These  restrictions  began  under  the  pretense  of 
protecting  children  on  the  Internet:  on  November  1,  2012,  the  Russian  government  passed 
a  law  enabling  Roskomnadzor  to  blacklist  offender  websites  without  trial.  134  Qn 
December  2013,  the  government  expanded  these  powers  to  authorize,  without  due 
process,  the  shutdown  of  websites  “for  participation  in  unsanctioned  public  actions. ”135 
Though  the  Russian  government’s  ability  and  willingness  to  silence  free  speech  on  the 
Internet  is  disconcerting  from  a  human  rights  perspective,  from  an  offense-defense 
analysis  perspective  this  ability  also  reflects  changes  to  the  defensiveness  of  Russia’s 
cyber  terrain.  The  creation  and  access  of  content  within  Russian  cyberspace  is  now 
controlled  through  technical  measures  implemented  by  Russian  ISPs  at  the  behest  of  the 
Russian  government.  These  content  blacklists  are  a  form  of  allow-by-default  deny-by- 
exception  security  posture,  and  though  this  posture  is  not  as  restrictive  as  a  deny-by- 
default  allow-by-exception  security  stance,  it  represents  a  shift  away  from  a  fully  open 
allow-all  Internet  environment  to  a  nationally  censored,  individually  attributable 
Internet.  136 

In  addition  to  the  Roskomnadzor’s  control  of  data  flow,  within  Russian 
cyberspace,  the  government  dominates  the  analogue  to  the  physical  high  ground  with 
FSB  sensors:  its  System  for  Operative  Investigative  Activities  (SORM)  allows  the  state  to 
intercept  and  monitor  Russian  Internet  traffic  and  analog  telecommunications.  SORM  is  a 
descendent  of  Soviet-era  KGB  research  and  development  efforts;  over  three  generations 
of  SORM  device  refinements,  the  FSB  has  developed  the  capability  to  completely  track, 
monitor,  and  store  all  of  Russians’  electronic  communications.  The  initial  1990s  SORM 
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variant,  SORM-1  intercepted  and  recorded  land  and  mobile  telephone  conversations. 
Versions  2  and  3  expanded  that  capability  to  include  Internet  traffic — including  bitwise 
capture  and  storage  of  all  transmitted  data  and  metadata.  1^7  Russian  law  requires  all 
Russian  ISPs  to  install  this  surveillance  hardware  and  configure  their  data  routing  to  pass 
through  SORM  devices,  which  in  turn  forward  that  data  to  FSB  and  other  Russian 
intelligence  services  for  additional  exploitation.  138 

Although  SORM  is  a  powerful  sensor  technology,  its  reach  is  limited  by  its 
physical  placement.  The  devices  can  only  be  placed  within  Russian  jurisdiction — 
intercept  of  data  transmissions  to  and  from  internationally  hosted  content  is  more 
problematic.  139  Some  of  this  limitation  may  be  overcome  by  SORM’s  speculated  ability 
to  perform  deep  packet  inspection,  or  the  ability  to  view  the  content  of  the  data  packets 
encapsulated  with  TCP/IP  and  UDP  communications  protocols  used  for  much  of  the 
Internet  data  transmission.  The  devices,  therefore,  may  be  able  to  capture  and  reconstruct 
a  portion  of  the  unencrypted  communication  between  Russian  users  and  non-Russian 
resources.  140  However,  encrypted  communication  by  popular  social  media  and  other 
Internet  service  sites  is  increasingly  becoming  the  norm,  and  this  trend  will  be  a  growing 
challenge  for  FSB.  The  Russian  government  may  have  a  strategy  to  overcome  these 
encryption  barriers.  When  Russian  data  localization  legislation  takes  effect  in  2016  and 
Russian  user  data  has  to  be  hosted  at  Russian  locations,  SORM  boxes  at  the  data  centers 
will  likely  be  placed  on  the  unencrypted  side  of  the  communication  path,  preempting 
many  data-in-transport  encryption  safeguards.  There  is  a  technology  race  between 
methods  to  intercept  data  and  techniques  to  hide  it,  but  at  the  movement,  Russia’s  SORM 
appears  to  have  the  upper  hand  within  Russian  cyberspace. 
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c. 


HYPOTHESIS  ASSESSMENT 


The  historical  case  studies  of  Russian-affiliated  cyber  attacks  clearly  demonstrate 
that  the  offensive  cyber  weapons  in  the  Russian  government’s  arsenal  have  the 
advantage — cyber  attacks  consistently  succeeded  at  disrupting  or  compromising  their 
targets.  The  available  evidence,  therefore,  best  supports  hypotheses  HI.  Russia’s  cyber 
capability  is  offensive  and  the  posture  is  indistinguishable  as  either  offensive  or  defensive 
and  H3.  Russia ’s  cyber  capability  is  offensive  and  the  posture  is  distinguishable  as  either 
offensive  or  defensive.  This  delineation,  however,  acknowledges  that  Russia  has  access  to 
cyber  weapons  along  the  spectrum  of  offensive-defense  cyber  capability,  and  not  in 
strictly  offensive  weapons.  Although  it  is  infamous  for  widely  perceived  complicity  in 
the  Estonian  and  Georgian  cyber  attacks,  the  Russian  government  is  also  increasingly 
investing  in  defensive  capability,  and  this  may  suggest  a  future  shift  in  its  capability 
balance.  Alternately,  and  more  likely,  Russia  may  be  investing  in  both  offensive  and 
defensive  capabilities,  but  the  defensive  investments  are  less  secretive. 

Because  this  chapter’s  case  studies  are  instances  cyber  weapons  use,  the  analytic 
difficulty  caused  by  the  inherent  secrecy  of  cyber  weapons  capability  is  not  as 
challenging  in  practice  as  it  is  in  theory.  Russia  has  notoriously  been  at  the  forefront  of 
cyber  weapon  use,  so  there  is  less  uncertainty  about  the  capability  and  performance  of  its 
cyber  weapons.  Although,  as  illustrated  by  the  discovery  of  APT28,  Russia  may 
reasonably  be  presumed  to  possess  and  continuously  develop  high  sophistication 
offensive  cyber  weapons,  the  historic  record  of  its  cyber  weapon  use  is  that  of  low  to 
moderate  technical  sophistication  weapons  employed  with  increasingly  improving 
tradecraft.  This  weapon  selection  and  use  has  two  important  implications  on  the  degree  to 
which  Russia’s  offensive  cyber  weapons  are  dominant  over  the  defense.  The  cyber 
attacks,  as  in  the  case  of  the  Russo-Georgian  conflict,  though  skillfully  coordinated  and 
executed,  either  targeted  known  vulnerabilities  or  used  publicly  available  attack  tools. 
Thus,  although  analysis  of  the  international  system  predicts  some  weapons  use  restraint 
due  to  the  desire  for  states  to  maintain  their  perishable  cyber  capabilities  secret,  Russia’s 
reliance  on  publically  available  tools  and  published  exploits  does  not  suffer  from  this 
restraint.  Additionally,  as  Patrick  Malone  estimates  in  his  offense-defense  cost  ratio 
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comparison  between  the  brute  foree  Estonian  eyber  attaeks  and  the  highly  sophistieated 
Stuxnet  attack  that  used  unpublished  exploits  and  a  custom  payload,  low  sophistication 
attacks  are  several  orders  of  magnitude  less  eostly  for  attaekers.^'^i  Lastly,  Russian  law 
enforeement’s  semi-permissive  attitude  toward  eybererime  further  lowers  the  state’s  cost 
for  maintaining  its  low-end  eapabilities.  By  using  high  cost  ratio  cyber  weapons  whose 
teehnology  is  already  public,  Russia  pays  a  lower  cost  for  weapon  use.  Though  the 
disadvantage  of  Russians’  cheaper  cyber  weapon  selection  is  lower  likelihood  of  success, 
the  disappointingly  long  timeframe  for  securing  systems  against  published  exploits 
presents  Russians  with  a  target-rieh  environment.  142 

Russian  eyber  weapons  also  escalate  instability  beeause  their  weapon  type  and 
taetics  inerease  the  incentive  for  eyber  retaliation.  The  DDoS  and  defacement  attacks 
used  in  Georgia  and  Ukraine  did  not  destroy  their  vietims’  capacity  to  respond  in  kind, 
leading  to  retaliatory  strikes.  Importantly,  because  proxy  actors  conducted  pro-Russian 
attacks,  the  Russian  government  was  less  able  to  restrain  their  proxies’  weapons  seleetion 
and  targeting  than  if  state  actors  conducted  the  attacks.  Unfortunately,  it  is  diffieult  to 
establish  the  exact  nature  of  this  relationship,  and  the  degree  of  control  or  direction  that 
the  Russian  government  can  exercise  over  its  proxies.  Additionally,  both  Georgia  and 
Ukraine  followed  the  Russian  model  for  cyber  attaeks  and  relied  on  their  own  non-state 
proxies  for  retaliation.  Consequently,  the  Russian  cyber  capability  dramatically  raises  the 
international  instability  in  eyberspaee — its  low-end  eyber  weapon  use  encourages 
retaliation  without  the  institutional  restraint  mechanisms  that  apply  to  conventional 
conflict  and  it  encourages  the  diffusion  of  cyber  power  to  non-state  actors.  While  FireEye 
security  experts  suspeeted  that  the  prospeet  of  retaliation  along  with  the  weapons’  relative 
crudeness  might  deter  Russia  from  using  low-end  cyber  weapons  in  Ukraine,  because  the 
Russian  government  relies  on  surrogates,  sueh  restraint  is  difficult  to  achieve. 

Russian  eyber  weapon  capability  encourages  aggression,  but  Russia  is  also 
changing  its  cyber  geography  to  increase  its  defensiveness  under  the  pretext  of 
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safeguarding  against  internal  eyber  threats,  but  this  teehnology  is  also  applieable  to 
external  threats.  Professor  Wade  Huntley  observes  that  one  explanation  for  why 
eyberspaee  has  not  been  designed  to  increase  its  defensiveness  is  that  states  may  believe 
that  the  cost  of  rebuilding  it  to  be  more  defensive  exceeds  the  cumulative  costs  of 
potential  attacks.  1^3  This  notional  challenge  of  cost  sharing  and  return  on  investment 
appears  to  be  recognized  in  practice  by  U.S.  critical  infrastructure  security  guidance  and 
policy  documents,  Russian  willingness  to  invest  in  restructuring  its  cyber  terrain 
suggests  that  the  Russian  government  increasingly  views  its  cyberspace  as  an  existential 
threat  to  the  regime  due  to  potential  political  opponents’  ability  to  organize  and  mobilize 
online.  Thus,  the  Russian  Federation’s  cost  analysis  for  hardening  cyberspace  differs 
from  the  Western  cost  analysis  that  puts  a  positive  value  on  the  Internet’s  openness  and 
freedom  from  heavy-handed  government  regulation;  to  the  Russian  government  the 
openness  of  the  Internet  incurs  an  additional  security  cost. 

The  technological  changes  that  the  Russian  government  has  implemented  in  its 
cyberspace  increasingly  shift  weapon  capability  in  favor  of  defenders.  The  Russian 
government  can  monitor,  intercept,  and  block  various  types  of  Internet  traffic.  It  can  also 
reduce  actor  anonymity.  In  the  most  extreme  case,  the  Russian  government  may  possess 
the  capability  to  create  a  fractured  cyberspace,  isolating  itself  from  external  threats — the 
pinnacle  of  geographical  defensiveness.  1^5  At  the  present,  however,  these  capabilities 
appear  to  be  internally  facing,  intended  to  suppress  domestic  cyber  threats.  If  in  the  future 
these  defensive  features  are  reoriented  externally,  though  this  change  would  improve 
Russian  defenders’  advantage,  this  change  might  nonetheless  increase  the  security 
dilemma.  If  Russia’s  cyber  defensiveness  exceeds  the  average  defensiveness  of  other 
states,  it  may  be  even  more  enticed  to  act  aggressively,  knowing  that  others’  ability  to 
retaliate  is  reduced. 
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Finally,  Russia’s  changes  to  its  cyber  geography  potentially  undermine  its 
offensive  weapons’  capability.  Its  terrain’s  defensive  features  such  as  content  filtering 
and  reduced  anonymity  negate  their  weapons  and  tactics  effectiveness.  If  the  Russian 
government  implements  security  backdoors  in  their  sensors  and  defense  tools  to  allow 
proxy  actors  to  continue  to  operate,  in  doing  so  they  negate  their  plausible  deniability  and 
potentially  signal  early  warnings  and  indicators.  The  alternative  is  that  Russian  proxies 
move  their  operations  outside  of  Russian  cyberspace,  but  in  doing  so  they  expose 
themselves  to  foreign  jurisdictions  where  they  might  be  detected  and  thwarted  with 
greater  ease.  Though  this  may  be  a  promising  consequence  of  Russian  cyber  terrain 
hardening,  it  is  likely  only  to  decrease  the  security  instability  caused  by  Russia’s  least 
sophisticated  weapons  and  actors. 

This  chapter  considered  Robert  Jervis’s  key  security  dilemma  variable  as  applied 
to  Russia — whether  Russia  has  invested  in  offensive  or  defense  cyber  capability,  as 
reflected  by  Russia’s  brandished  cyber  weapons  and  by  the  properties  of  Russian  cyber 
terrain.  The  author’s  conclusion  is  that  Russian  cyber  capability  shows  an  existing 
investment  in  offensive  cyber  weapons,  as  well  as  efforts  to  improve  the  defensiveness  of 
its  cyber  terrain.  Alarmingly,  the  weapon  capability  of  Russia  and  the  diffusion  of  cyber 
power  to  non-state  actors  appears  to  create  security  dilemma  pressures  that  may  be  more 
acute  than  the  security  dilemma  expected  at  the  international  system  level  of  analysis. 
The  following  chapter  will  consider  Jervis’s  second  variable — ^whether  Russian  cyber 
posture  can  be  distinguished  as  offensive  or  defensive  by  evaluating  Russian  cyber  policy 
and  doctrine. 
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III.  RUSSIAN  CYBER  POSTURE 


This  chapter  seeks  to  determine  whether  Russia’s  cyber  posture  is  distinguishable 
as  either  offensive  or  defensive.  The  following  seetions  examine  Russians’  official  and 
unofficial  conception  of  eyber  power,  the  eyber  doetrine  of  the  Russian  Federation’s 
Armed  Forees,  and  Russia’s  efforts  to  shape  the  international  cyber  environment  thru 
international  institutions.  If  Russia’s  cyber  posture  is  distinguishable  as  either  offensive 
or  defensive,  these  three  lanes  of  inquiry  may  provide  insight  into  its  orientation. 

A.  RUSSIAN  UNDERSTANDING  OF  CYBER  POWER 

The  Russian  view  on  cyber  power  and  on  Russia’s  own  eyber  capabilities  differs 
in  significant  ways  from  the  American  perspective.  Most  importantly,  Russian  academics 
and  military  experts  coneeive  of  eyber  warfare  more  broadly  than  Western  strategists  and 
view  Russia  not  as  an  aggressor,  but  as  a  vulnerable  state  defending  itself  from  a  hostile 
global  cyber  eampaign.  Though  Russian  eyber  terminology  differs  in  key  ways,  Russian 
cyber  experts  recognize  many  of  the  same  challenges  of  cyber  power — offense 
dominance,  secreey,  non- attribution,  escalation,  etc. — that  are  also  widely  discussed  by 
Western  academics. 

Understanding  the  terminological  difference  between  U.S.  and  Russian  cyber 
discourse  is  essential  for  eontextualizing  how  Russian  thinking  about  cyber  power  shapes 
Russia’s  doctrine  and  international  position  on  cyber  seeurity.  Keir  Giles  summarizes  the 
Russian  view  of  cyber  war  as  informatsionnaya  voyna — a  “holistic  concept”  of 
information  war  that  ineludes  eomputer  network  operations,  eleetronic  warfare, 
psychologieal  operations,  and  information  operations.  1^6  Russians  subdivide  this  broad 
concept  of  information  war  into  two  components:  information-technologieal  and  the 
information-psyehologieal.14^  Major-General  Sheremet  deseribes  information-teehnical 
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attacks  as  cyberattacks  ranging  from  influence  operations  via  website  defacements  to 
physieal  damage  resulting  from  altered  roeket  trajectories,  Information-psychologieal 
operations,  in  contrast,  include  operations  that  attaek  the  morale  and  the  pereeptions  of 
the  population,  as  exemplified  by  the  Arab  Spring,  Orange  Revolution,  and  even  the 
dissolution  of  the  Soviet  Union.  149 

This  understanding  of  cyber  power  is  not  limited  to  just  a  handful  of  Russian 
seholars.  In  an  extensive  literature  review  of  Russian  aeademic  and  offieial  writing, 
Stephen  Blank  demonstrates  that  this  is  mainstream  Russian  thinking  about  cyber  power, 
with  important  eonsequences.  By  incorporating  the  struggle  of  ideologies  into  eyber 
power,  Russian  analysts  continue  “the  Leninist  tradition  of  a  constant  state  of  siege 
within  and  between  states,  societies,  and  blocs.” i^n  As  a  consequence,  the  Russian  state 
and  its  eyber  analysts  diseuss  cyberspace  issues — to  Russians  “information  space” — as  a 
lens  for  “viewing  the  domestic  and  international  situation.” i^i  This  inclusion  of  hostile 
content  as  a  source  of  cyber  threat  differs  from  the  West’s  more  narrow  focus  on  strictly 
hostile  code  and  leads  to  Russians’  particular  perception  of  peacetime  and  wartime  cyber 
threats  and  vulnerabilities.  1^2  jn  the  following  discussion,  the  author  uses  Russian 
information  war  terminology — eyber  power  is  an  implied  eomponent  of  that  definition 
but  cannot  be  extricated  from  the  Russian  conception  of  information  warfare  for 
standalone  assessment. 

1,  Hostile  Content 

Russians’  understanding  of  hostile  content  as  an  information  seeurity  issue  is 
illustrated  in  an  artiele  in  the  journal  Security  Index:  A  Russian  Journal  on  International 
Security  by  Elena  Zinovyeva,  who  describes  the  role  of  information-psyehological 
aspects  of  cyber  power  in  shaping  the  seeurity  dilemma  at  the  international  level.  This 

^48  Sheremet,  “Kiberugrozy  Rossii  Rastut — Chast’  I.  ” 

^49  Igor  Sheremet,  “Kiberugrozy  Rossii  Rastut  — Chast’  II  [Cyberthreats  to  Russia  Grow  -  Part  II,” 
Voyenno-promyshlennyy  Kur’yer,  February  19,  2014,  http://vpk-news.ru/articles/I9I94. 
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1^2  Giles,  ‘“Information  Troops,”’  48. 
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analysis  cites  and  builds  on  the  work  of  Martin  Libieki  and  Joseph  Nye  to  eonelude  that 
the  balanee  of  power  among  nations  has  been  disturbed  by  “the  very  nature  of 
international  polities  in  the  information  sphere.” souree  of  this  instability,  she 
argues,  is  U.S.  digital  diplomaey.  Zinovyeva  deseribes  the  poliey  of  digital  diplomaey  as 
a  series  of  programs  enabled  by  “teehnologieal  instrument [s]”  with  whieh  Ameriean 
diplomats  engage  foreign  populaees  through  organizations  sueh  as  the  Department  of 
State,  Department  of  Defense,  Central  Intelligenee  Ageney,  and  U.S.  Ageney  for 
International  Development,  The  notable  goals  and  priorities  of  these  programs  are: 

•  “diseredit  the  ideologieal  enemies  of  the  United  States” 

•  “limit  Russia’s  media  presenee  in  the  former  Soviet  Republics” 

•  “creat[e]  information  services  aimed  at  supporting  the  opposition  in 
authoritarian  eountries” 

•  “oreat[e]  shadow  Internet  systems  and  independent  mobile  networks 
whieh... ean  help  the  opponents  of  authoritarian  regimes  to  exehange 
information  online,  eireumventing  the  government’s  restrietions.”i55 

Aeeording  to  Zinovyeva,  this  digital  diplomacy  is  enabled  by  struetural  ehanges  in  the 
international  system  brought  about  by  advanees  in  eyberspaee,  and  although  the  United 
States  is  eurrently  at  the  forefront  of  eapitalizing  on  the  power  potential  of  these 
teehnologies,  the  Russian  Federation  should  develop  its  own  offensive  information- 
psyehologieal  eyber  weapons  to  be  used  in  the  information  eonfrontation  with  the  West. 
Importantly,  Russia  must  make  this  investment  urgently — “it  is  quickly  running  out  of 
time.”i56 

U.S.  Army  War  College  Professor  Stephen  Blank’s  assessment  of  the  Russian 
perspeetive  on  information-psychologieal  operations  in  eyberspaee  is  starker:  Russia  is 
fighting  a  domestie  eounterinsurgency.  Russian  politieians,  heads  of  state  agencies, 
and  academies  believe  that  the  United  States  is  aetively  engaged  in  a  network  war  against 
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Russia,  facilitating  a  domestic  insurgency,  Zinovyeva’s  argument  deseribed  previously 
is  typieal  of  Russian  aeademie  literature,  and  in  Blank’s  opinion,  this  view  refleets  an 
attempt  to  externalize  the  eauses  of  the  domestie  instability  of  an  illiberal  demoeraey. 
Whereas  a  Western  perspeetive  on  the  Arab  Spring,  the  eolor  revolutions,  and  the  eivil 
disturbanees  following  the  2011  Russian  parliamentary  eleetion  foeuses  on  issues 
prominent  at  the  state  level  of  analysis,  Russians  see  the  same  international  events  as 
eaused  by  the  international  seeurity  dilemma  stemming  from  offensive  applieation  of 
information  teehnology.  This  divergenee  in  analytie  perspeetives  is  important  for 
eontextualizing  Russian  doetrine  development  and  stanee  on  international  eyber  issues. 

In  addition  to  the  lessons  drawn  from  the  role  of  Internet  teehnologies  in  fostering 
worldwide  anti-authoritarian  politieal  movements,  Russian  military  experienee  in  reeent 
armed  eonfliets — the  Cheehen  Wars  and  espeeially  the  2008  Russo-Georgian  War — has 
also  shaped  Russians’  understanding  of  the  relevanee  of  eyber  power  in  eondueting  IW 
and  10  as  part  of  a  military  eampaign.  While  the  military  phase  of  the  Russo-Georgian 
War  was  swift  and  deeisively  in  favor  of  the  Russian  Federation,  in  the  Russian 
government’s  view  the  pereeption  of  the  eonfliet  and  the  pereeption  of  its  legitimaey  by 
the  international  eommunity  was  more  important  than  what  oeeurred  on  the  battlefield, 

To  the  Kremlin  and  to  Russian  erities  alike,  the  Russo-Georgian  eonfliet 
demonstrated  Russian  shorteomings  in  strategie  eommunieations  strategies  and  faulty 
teehnieal  performanee  of  their  information-enabled  weapons  systems,  Subsequent 
ealls  for  reform  foeused  on  the  Russian  Federation’s  ability  to  shape  and  influenee 
international  pereeptions  of  future  eonfliets.  ^ ^2  Information  seeurity  analyses  were  less 
eommon  than  strategie  eommunieations  eritieism,  however.  Among  sueh  analyses, 
Colonel-General  Anatoliy  Nogovitsyn’s  notable  eyber  seeurity- foeused  eritique,  while 
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recognizing  the  low  cost  of  cyber  weapons  and  heightened  international  vulnerability  of 
states  due  to  new  technologies,  emphasized  the  new  capacity  of  information  weapons  to 
target  population  morale,  provoke  social  and  ethnic  conflicts,  and  undermine  government 
legitimacy.  1^3  jn  contrast.  Western  observers  and  analysts  focused  much  more  on  the 
technical  details  of  the  cyber  attacks  during  the  Russo-Georgian  War,  and  on  those 
weapons’  implications  to  collective  security  arrangements,  law  of  armed  conflict,  and 
technical  characteristics  of  cyber  conflicts.  This  difference  in  lessons  learned  from  the 
Russo-Georgian  War  illustrates  the  analytics  lens  with  which  Russians  approach  cyber 
power — hostile  content  is  central  to  Russian  understanding  of  information  confrontation. 

2.  Hostile  Code 

Although  Russian  cyber  power  scholarship  emphasizes  the  importance  of  hostile 
content,  or  the  information-psychological  aspect  of  information  warfare,  Russian  thinkers 
also  recognize  value  of  information-technical  weapons — hostile  code.  This  technical  and 
strategic  discussion  of  cyber  power  is  evident  in  the  Russian  press,  academic 
publications,  and  military  journals.  A  frequent  commentator  in  public  forums  on  Russian 
Security  issues,  Major-General  Sheremet  explains  that  potential  cyber  attacks  on  its 
critical  infrastructure  are  a  vital  information-technical  threat  to  the  Russian  Federation, 

His  position  is  particularly  interesting:  although  he  explains  the  varied  approaches  the 
Russian  government  is  undertaking  to  reduce  these  risks,  he  also  notes  that  because  of  the 
difficulty  of  positively  attributing  cyber  attacks,  the  Russian  response  to  such  attacks 
would  be  simply  to  do  nothing  and  “uchit’sya  na  oshibkakh” — learn  from  mistakes, 

Eugene  Kaspersky  takes  a  similar  view;  Russia  must  make  security  investments  in 
its  critical  infrastructure,  information  technology  infrastructure,  and  telecommunications 
sectors.  Although  such  defensive  measures  may  reduce  Russia’s  vulnerability  to 
cybercrime  and  cyber  terrorism,  in  the  case  of  a  true  cyber  warfare  threat,  he  argues  that 
no  defensive  measures  will  be  sufficient  to  absorb  through  resilience  or  deter  through 
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denial  the  attaeks.  Russia  would  have  to  retaliate,  Though  both  Sheremet’s  and 
Kaspersky’s  responses  to  cyber  attack  are  not  nearly  as  drastic  as  V.  I.  Tsymbal’s  1996 
assertion  that  “Russia  retains  the  right  to  use  nuclear  weapons  first  against  the  means  and 
forces  of  information  warfare,  and  then  against  the  aggressor  state  itself,”  all  three 
positions  stem  from  a  recognition  of  information-technical  attacks’  offensive  dominance 
and  Russia’s  vulnerability  to  such  attacks, 

Russian  academic  publications  also  increasingly  publish  analyses  of  strategic 
implications  of  informational-technical  aspects  of  cyber  weapons.  The  Russian  Institute 
for  Policy  Studies  Center’s  journal.  Security  Index,  for  example,  published  eight  articles 
dedicated  to  cyber  security  topics  in  2013.  In  comparison,  it  dedicated  five  articles  to 
cyber  issues  in  2012,  and  only  two  articles  in  the  four  years  prior  to  then,  The  analysis 
that  is  published  is  both  technically  competent  and  insightful.  In  describing 
“Cyberwarfare  and  Russian  Style  of  Cyberdefense,”  Oleg  Demidov’s  analysis  of  DDoS 
attacks  and  the  Stuxnet  family  of  malicious  code  identifies  important  issues:  non¬ 
attribution,  asymmetric  response,  power  diffusion,  offensive  retaliation,  and  a  zero-sum 
arms  race,  The  Russian  reaction  to  the  international  system  shaped  by  such  weapons, 
argues  Demidov,  is  an  increased  militarization  of  Russian  cybersecurity  functions — a 
mirror  imaging  of  U.S.  CYBERCOM.i^o 

Dmitry  I.  Grigoriev  presents  another  viewpoint  on  Russian  cybersecurity 
measures  at  the  EastWest  Institute.  “Some  nations,”  he  writes,  “set  up  special  units  to 
conduct  cyber  warfare,”  and  this  militarization  creates  an  inherently  offensive,  covert. 
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and  indefensible  eross-border  threat,  The  Russian  government’s  approaeh  to 
eountering  this  threat  to  international  stability,  he  explains,  is  to  ereate  a  series  of  bilateral 
and  multilateral  arrangements  that  ban  the  use  of  eyber  weapons  for  military-politieal 
purposes.  Sueh  international  arrangements  should  also  ereate  teehnieal  meehanisms  for 
establishing  attack  attribution  and  adopting  Internet  protocols  that  secure  the  Internet.  1^2 
Though  Demidov’s  and  Grigoriev’s  positions  differ  in  their  proposed  solutions,  their 
analysis  is  representative  of  a  defensive  tone  to  Russian  cyber  analysis — Russia  is 
responding  defensively  to  a  perceived  security  arms  race  led  by  the  United  States. 

Finally,  the  Russian  Armed  Forces  demonstrate  some  understanding  of  cyber 
weapons  and  of  American  doctrinal  and  technical  developments  in  cyberspace.  In  the 
Military  Thought  article  “Operations  in  Cyberspace:  Theory,  Politics,  and  Law,”  the 
authors  summarize  unclassified  U.S.  Department  of  Defense  publications  pertaining  to 
cyber  operations.  In  addition  to  summarizing  American  cyber  doctrine,  the  authors 
criticize  it  for,  in  their  view,  failing  to  integrate  international  law  into  the  concept  of 
cyber  operations,  for  increasing  international  tension  with  an  ambiguous  retaliatory 
policy  in  light  of  the  difficulty  of  cyber  attribution,  and  for  approaching  the  security 
dilemma  caused  by  the  nature  of  cyber  weapons  through  a  NATO  and  not  an 
international  framework.  1^3  a  similar  analysis  of  cyber  power  emphasizes  that  the  United 
States,  China,  United  Kingdom,  and  many  other  countries  are  forming  cyber  attack  units, 
and  that  the  United  States,  specifically,  views  cyber  war  as  inevitable  and  as  serious  as  a 
confrontation  in  any  other  military  theater.  1^4  Both  analyses,  while  introducing  their 
readers  to  cyber  definitions,  terms,  and  concepts,  also  point  out  that  the  cyber  domain  is 
characterized  by  an  already  in-progress  offensive  arms  race. 
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It  is  notable  that  cyber  power  analysis  by  Russian  military  officers  focuses  much 
less  on  operational  art  and  force  development  than  it  does  on  the  role  of  international 
institutions.  The  Military  Thought  article  “Potential  Approaches  to  Implementing  the 
Russian  Federation’s  Military  Policies  on  International  Information  Security  in  the 
Present  Situation”  only  vaguely  references  the  military’s  role  in  the  “creation  of  a 
Eurasian  system  for  joint  response  to  threats.” Instead,  the  authors  criticize  the  Euro- 
Atlantic  approach  to  cyber  security  as  militarizing  cyberspace,  violating  national 
sovereignty  under  the  pretense  of  law  enforcement,  and  ultimately  fostering  an  arms 
race,  The  alternative  they  suggest  is  to  support  the  Shanghai  Cooperation  Organization 
approach  that  strives  to  restrict  new  information  weapon  development,  limits  existing 
weapons  use,  and  provides  a  mechanism  for  collective  response  to  cyber  aggression.  i  "77 
In  what  may  well  be  a  complementary  article,  I.N.  Dylevsky  suggests  that  based  on  U.N. 
precedent  in  defining  aggression,  the  Stuxnet,  Estonian,  and  Georgian  cyber  attacks  meet 
the  spirit  of  the  U.N.  definition  of  aggression,  The  authors  suggest  that  states  may  be 
dis-incentivized  from  cyber  aggression  if  the  U.N.  modifies  the  Article  3  definition  of 
aggression  by  including: 

•  “use  of  information  weapons  by  the  armed  forces  of  a  state  against  the 
information  resources  of  another  state’s  critically  important  facilities;” 

•  “propaganda  of  war  and  use  of  force  by  a  state  and  spreading  seditious 
information,  which  helps  destabilize  the  internal  and  international 
situation,  unleash  and  escalate  armed  conflicts.” 

The  popular,  academic,  and  military  perspectives  on  informational-technological 
aspects  of  information  warfare  share  several  themes.  The  authors  recognize  cyber 
weapons’  offensive  dominance  and  point  to  a  cyber  arms  race.  Their  perceived  primary 
culprit  and  apparent  aggressor  in  this  arms  race  is  the  United  States.  Although  much  of 
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Russian  analysis  acknowledges  a  eyber  seeurity  dilemma  and  points  out  many  of  eyber 
weapons’  strategie  and  taetieal  eharaeteristics,  the  proposed  solutions  seem  divoreed 
from  these  factors.  Russians  advocate  for  an  international  institutional  solution,  but  do 
not  explain  how  these  mechanisms  would  mitigate  the  properties  of  eyber  weapons  that 
neeessitate  nations  to  establish  offensive  eyber  units.  This  likely  refleets  a  pereeption  that 
Russia  cannot  compete  in  a  eyber  arms  race  and  its  vulnerability  is  so  great  that  only 
international  regimes  ean  guarantee  its  seeurity.  Beeause  international  institutions  are 
unlikely  to  address  the  challenge  of  weapon  seereey  in  eyberspaee  and  eovert  aequisition, 
Russians  likely  hope  that  if  other  nations  voluntarily  halt  their  offensive  eyber  weapons 
programs  in  aoeordanee  with  international  agreements,  Russian  eyber  development  ean 
seeretly  attain  parity. 

B,  OFFICIAL  RUSSIAN  VIEW  OF  CYBER  POWER 

In  addition  to  the  diseussion  of  eyber  power  by  Russian  aeademia,  military,  and 
media,  the  government  of  the  Russian  Federation  has  also  mentioned  the  role  of 
eyberspaee  in  its  national  planning  guidanee  and  military  doctrine.  This  offieial  mention 
of  eyber  power  gives  insight  into  what  Russian  leaders  believe  are  their  nation's  seeurity 
challenges  and  priorities,  and,  importantly,  it  illustrates  how  the  Russian  government 
wishes  others  to  pereeive  its  posture  on  eyberspaee  issues. 

1.  National  Security  Perspective 

At  the  foundation  of  the  official  Russian  Federation’s  view  of  eyber  power  is  its 
Information  Security  Doctrine,  published  on  September  9,  2000.  The  doeument  is  the 
“totality  of  offieial  views,  objeetives,  prineiples,  and  basie  guidelines  for  ensuring 
information  seeurity  of  the  Russian  Federation”  and  is  the  basis  for  “shaping  government 
poliey”  and  “devising  targeted  national  information  seeurity  programs.”!^*’  It  lists  four 
key  areas  of  Russian  national  interest  in  the  information  sphere,  threats  and  sources  of 
threats  to  these  national  interests,  and  methods  for  ensuring  information  seeurity.  Though 

“Information  Security  Doctrine  of  the  Russian  Federation,”  Ministry  of  Foreign  Affairs  of  the 
Russian  Federation,  last  modified  December  29,  2008,  http://www  mid  m/bdomp/ns- 
osndoc.nsf/le5f0de28fe77fdcc32575d900298676/2deaa9eel5ddd24bc32575d9002c442b!OpenDocument. 
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much  of  the  doctrine  focuses  on  supporting  Russia’s  then  fragile  economy,  civil  society, 
and  political  system,  the  document  also  identifies  potential  information  warfare  threats 
from  other  states.  Two  such  key  sources  of  threat  are  detailed  in  Article  1,  Section  3; 

•  “activities  of  foreign  political,  economic,  military,  intelligence  and 
information  entities,  directed  against  the  interests  of  the  Russian 
Federation  in  the  information  sphere;” 

•  “development  by  a  number  of  states  of  information  war  concepts  that 
provide  for  creating  means  for  dangerous  attack  on  the  information 
spheres  of  other  countries  of  the  world,  disturbing  the  normal  functioning 
of  their  information  and  telecommunication  systems,  breaching  the 
security  of  their  information  resources  and  gaining  unsanctioned  access  to 
them.”  181 

These  two  sources  of  threats  mirror  Russian  information  warfare  concepts  of 
information-psychological  and  information-technological  weapons,  although,  as  Timothy 
Thomas  points  out,  the  terms  themselves  are  not  used.  1 82  In  addition  to  identifying 
threats  and  vulnerabilities,  the  Information  Security  Doctrine  articulates  various  legal, 
organizational-technical,  and  economic  approaches  to  combating  these  sources  of  threat. 
Finally,  in  summarizing  the  international  system,  the  doctrine  recognizes  leading  world 
powers’  efforts  to  develop  information  weapons,  warns  of  an  impending  arms  race,  and 
emphasizes  the  need  for  an  international  approach  for  safeguarding  Russia’s  information 

space.  183 

The  tone  of  the  Information  Security  Doctrine  of  the  Russian  Federation, 
according  to  Keir  Giles,  is  entirely  defensive — there  is  no  mention  of  offensive 
operations.  184  Although  the  document  appears  to  take  a  holistic  approach  to  information 
security,  it  lists  several  concepts  that  differ  from  Western  approaches  to  security.  The 
most  important  divergence  is  an  illiberal  attitude  toward  the  media.  Regardless  whether  a 
media  entity  is  private  or  state-owned,  the  doctrine  states  that  it  is  acceptable  and 
essential  that  the  government  ensures  pro-Russian  messaging.  The  Russian  government 
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clarified  that  this  position  intended  only  to  provide  state  oversight  and  not  censorship,  but 
Giles  argues  that  historieal  evidence  suggests  the  latter  outcome, 

Surprisingly,  despite  the  depth  of  information  security  guidance  in  the 
Information  Security  Doctrine,  the  Russian  Federation  National  Security  Strategy 
Through  2020,  approved  on  12  May  2009,  barely  addresses  this  security  area.  This  key 
offieial  guidance  and  planning  document  for  Russian  security  services,  while  describing 
in-depth  a  multitude  of  eriminal,  economic,  and  healthcare  threats  and  seeurity  strategies, 
approaehes  information  seeurity  challenges  only  indirectly.  In  describing  the  international 
environment,  the  strategy  recognizes  that  global  information  eonfrontations  exist  and  will 
escalate,  and  that  illegal  activity  using  cybernetic  and  other  teehnological  weapons  will 
threaten  Russian  interests,  Consequent  strategie  guidance,  however,  is  sparse  and 
vague: 


ensuring...  the  availability  of  information  technologies  and  also 
information  on  the  various  issues  of  soeiety’s  sociopolitieal,  economie, 
and  spiritual  life. . . 

developing  information  and  telecommunications  technology,  computer 
hardware,  electronics,  telecommunications  equipment,  and  software 
industries. . . 

overeome  the  technologieal  lag  in  the  most  important  spheres  of 
information  seience,  telecommunications,  and  communications  that 
determine  the  eondition  of  national  security... and  also  provide  conditions 
for  the  harmonization  of  the  national  information  infrastrueture  with 
global  information  networks  and  systems. . . 

threats  to  information  security  are  to  be  prevented  by  improving  the 
seeurity  of  the  functioning  of  the  information  and  teleeommunieations 
systems  of  critieally  important  infrastrueture  facilities. ..and  by  ereating  a 
single  information-telecommunieations  support  system  for  the  needs  of  the 
national  security  system, 


Giles,  ‘“Information  Troops,”’  70-1. 

“Russia’s  National  Security  Strategy  to  2020,”  Rustrans  Useful  Translations,  last  modified 
September  17,  2012,  http://rustrans.wikidot.eom/russia-s-national-security-strategy-to-2020. 
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Though  these  tasks  address  threats  to  Russia’s  cyber  civil  society,  supply  chain,  and 
critical  infrastructure,  the  National  Security  Strategy  fails  to  address  Russians’  perceived 
global  information  confrontation  or  the  disruptive  effect  of  cyber  weapons. 

It  is  possible  that  this  paucity  of  guidance  reflects  the  Russian  government’s  lack 
of  information  security  concerns  in  2009,  but  considering  the  high  degree  of  reflection  on 
the  information  warfare  campaign  during  the  previous  year’s  Russo-Georgian  conflict, 
this  seems  unlikely.  Keir  Giles  offers  one  explanation — President  Medvedev  intended  the 
document  to  focus  on  economics  and  to  convey  a  positive,  aspirational  tone  of  a  newly 
confident  and  cooperative  Russia,  Yet  another  possibility  is  that  the  Russian 
government  restricted  in-depth  strategic  consideration  of  information  war  to  classified 
documents.  Whatever  the  explanation,  the  lack  of  substantive  discussion  of  information 
and  cyber  security  in  the  Russian  Federation’s  National  Security  Strategy  Until  2020, 
especially  relative  to  the  more  overt  defensive  posture  described  in  the  Information 
Security  Doctrine,  confounds  a  clear  interpretation  of  Russia’s  cyber  posture. 

2,  Military  Doctrine 

Historically,  Russia’s  cyber  capabilities  were  concentrated  in  the  nation’s  security 
services.  The  FSB  maintains  and  operates  SORM;  Roskomnadzor  controls  information 
blacklists;  and  the  MVD’s  Directorate  K  focuses  on  information  crime  issues.  The 
Federal  Agency  for  Government  Communications  and  Information  was  briefly  tasked 
with  information  security,  but  the  agency  was  disbanded  in  the  1990s  and  its  capabilities 
redistributed  among  larger  security  organizations.  In  comparison  to  these  agencies’ 
various  level  of  cyber  capability,  the  Russian  military  has  only  maintained  an  electronic 
warfare  force.  Following  the  criticism  of  the  Russo-Georgian  War,  however.  President 
Medvedev  undertook  military  reform  that  included  a  directive  to  “develop  forces  and 
resources  for  information  warfare.” 

Keir  Giles,  Russia ’s  National  Security  Strategy  to  2020  (NATO  Defense  College,  June  2009):  4-5, 
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The  Military  Doctrine  of  the  Russian  Federation,  approved  on  5  February  2010, 
responded  to  the  national  defense  tasks  in  the  Russian  Federation’s  National  Security 
Strategy  Through  2020  and  codified  President  Medvedev  and  Defense  Minister 
Serdykov’s  reform  initiatives.  Because  the  document’s  intent  was  to  support  reform 
measures,  the  doctrine  focuses  mainly  on  Russia’s  efforts  to  transition  from  a  mass- 
mobilization  Soviet-era  military  to  a  highly  mobile  permanently  ready  professional  force. 
Nonetheless,  it  contains  several  interesting  observations  about  the  international  system 
and  the  nature  of  modem  warfare. 

The  foremost  assertion  is  that  future  military  conflicts  will  include  a  cyber  or 
informational  component.  According  to  the  doctrine,  the  role  of  information  warfare  will 
intensify  while  new  weapons  systems  “based  on  new  physical  principles”  will  be 
“comparable  to  nuclear  weapons  in  terms  of  effectiveness.” Additionally,  military 
conflicts  will  combine  military  and  nonmilitary  forces  and  resources — a  possible 
reference  to  irregular  combatants  or  surrogate  forces  such  as  the  ones  typical  of  Russian- 
affiliated  cyber  attacks.  192  During  future  conflicts,  information  warfare  will  be  essential 
for  pre-conflict  shaping  of  the  political  space  and  for  “shaping  a  favorable  response  from 
the  world  community  to  the  utilization  of  military  force.”  193  Clearly,  the  information 
troops  that  the  doctrine  establishes  will  have  a  role  in  Russian  military  art. 

Whether  this  role  will  be  offensive  or  defensive  is  not  clear  from  the  doctrine.  The 
sections  on  external  dangers  and  threat  analysis  only  vaguely  refer  to  information  threats: 
efforts  to  destabilize  states  and  regions  on  Russia’s  periphery  and  interference  in  the 
internal  affairs  of  the  Russian  Federation.  194  Likewise,  the  doctrine  does  not  outline  any 
specific  deterrence  tasks  or  wartime  tasks  of  a  cyber  or  information  warfare  nature.  At 
most,  the  doctrine  describes  the  need  for  information  systems  support  for  its  military 
modernization  plans.  195  it  may  be  the  case  that  such  tasks  and  analysis  may  be  too 
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ambitious  for  a  doctrinal  document  that  first  seeks  to  establish  information  warfare 
troops.  It  is  also  possible  that  the  Russian  Federation  does  not  consider  these  threats  as 
sufficiently  serious  to  define  in  doctrine.  As  with  the  National  Security  Strategy,  the 
Russian  Federation’s  military  doetrine  takes  an  ambiguous  position;  though  it  recognizes 
the  importance  of  information  warfare  to  Russian  security  and  in  military  conflicts  in 
general,  it  does  not  deseribe  the  Russian  approach  to  cyber  warfare. 

Shortly  after  the  release  of  the  2010  Military  Doctrine,  the  Russian  Ministry  of 
Defense  published  the  Conceptual  Views  Regarding  the  Activities  of  the  Armed  Forces  of 
the  Russian  Federation  in  Information  Space.  Keir  Giles  describes  the  Conceptual  Views 
as  “a  Russian  military  cyber  proto-doetrine”  and  “the  first  explicit  public  statement  of  the 
Russian  military’s  role  in  cyberspace. Though  the  doeument  is  a  relatively  succinct 
fifteen  pages  of  terms  and  definitions,  principles,  rules,  and  confidence  building 
measures,  it  provides  new  insight  into  the  Russian  military’s  development  in  cyberspace 
doctrine. 

Like  previous  Russian  literature  about  information  operations  and  war,  the 
Conceptual  Views  defines  the  operational  terms  from  an  information-eentric  perspective. 
It  defines  information  war  as  actions  that  may  damage  information  systems  and 
resourees;  undermine  political,  economic,  and  social  systems;  brainwash  the  population; 
or  eoeree  the  vietim  government.  The  information  space  within  which  information  war 
may  take  place  is  the  “area  of  activity  related  to  the  formation,  creation,  transformation, 
transmission,  use,  and  storage  of  information.”  1^7  These  definitions  reflect  a  broader 
perspective  than  the  U.S.  definition,  whieh  considers  cyberspace  as  a  domain  within  the 
information  environment.  1^8  As  defined  in  the  Conceptual  Views,  the  Russian  concept  of 
an  information  war  is  an  amalgam  of  U.S.  cyber  operations  and  information  operations 
doetrines.  Unlike  the  Ameriean  doetrine  that  categorizes  eyber  operations  as  offensive. 
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defensive,  or  sustainment,  however,  the  Conceptual  Views  only  specifies  defensive  cyber 

operations.  199 

In  addition  to  outlining  strictly  defensive  operations,  the  Conceptual  Views  also 
delineates  a  narrow  scope  of  military  responsibilities.  It  tasks  the  Armed  Forces  of  the 
Russian  Federation  with  solely  their  own  information  security.  Although  a  secondary  task 
of  the  Armed  Forces  is  to  provide  broader  information  security,  the  military’s  priority  is 
on  the  defense  of  the  Armed  Forces — identifying  threats  and  avoiding  disorganization  of 
command  and  control,  disruption  to  military  logistics,  and  demoralization  of  the 
military.  200  task  of  broader  national  defense  against  military-political  information 
threats  is  less  apparent.  These  implementation  measures  consist  of  interagency 
coordination,  early  threat  detection,  and  international  cooperation  and  norm-setting. 201 

Though  the  Conceptual  Views  emphasize  the  centrality  of  international 
institutions  for  maintaining  information  security,  it  emphasizes  the  need  for  international 
norms,  regulations,  and  non-military  conflict  resolution  under  the  U.N.  aegis,  rather  than 
through  regional  collective  security  arrangements.  This  focus,  argues  Giles,  also 
distinguishes  the  Russian  military’s  approach  to  information  warfare  from  the  West’s. 202 
As  he  points  out,  the  Russian  military’s  task  to  promote  international  institutions  is 
atypical  for  Western  militaries.  The  reason  for  this  focus  may  be  that  the  Russian 
government  genuinely  considers  its  Armed  Forces  as  champions  of  its  non-military 
foreign  policy  initiatives,  but  the  more  likely  explanation  is  that  the  Russian  government 
lacks  confidence  in  the  Army’s  ability  to  provide  for  its  own  information  security. 

The  latest  iteration  of  Russian  military  doctrine  on  cyber  operations  may  be  the 
so-called  Gerasimov  doctrine.  This  unofficial  doctrine,  published  in  Voyenno- 
Promyshlennyy  Kuryer  in  2013  by  Russian  Armed  Forces  Chief  of  General  Staff  Army- 
General  Valery  Gerasimov,  represents  a  potential  future  development  of  the  Russian 
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military  art. 203  Giving  credence  to  speculation  that  this  article  represents  official  views, 
Russian  operations  in  Crimea  and  Eastern  Ukraine,  called  hybrid  war  or  non-linear  war 
by  commentators,  demonstrate  many  facets  of  Gerasimov’s  ideas — the  conflict  in 
Ukraine  consists  of  “simultaneously  oecurring  guerrilla  and  conventional  fighting, 
eeonomie,  cyber,  and  information  war.”204  Unlike  in  Russia’s  official  military  doctrine, 
eyber  operations  play  an  essential  and  prominent  offensive  role  in  the  Gerasimov 
doctrine. 

The  underlying  postulate  of  the  new  doctrine,  as  Mark  Galeotti  highlights  in  his 
review  of  Gerasimov’s  article,  is  that  the  rules  of  war  have  ehanged — non-military  means 
may  be  more  effective  than  conventional  ones. 205  This  realization  about  21st  Century 
conflicts  requires  a  new  approach  to  war,  and  the  main  purpose  of  the  article  is  a  call  for 
action  for  Russian  military  academics  to  address  Gerasimov’s  observations  about  the 
international  system  and  the  nature  of  warfare.  His  key  points  in  relation  to  cyber  and 
information  warfare  are: 

•  Conflict  increasingly  consists  of  information  and  other  non-military  means 

•  Covert  actions  and  irregular  forces  are  increasingly  important  in 
information  confrontation 

•  The  distinctions  between  strategic,  operational,  and  tactical  levels  and 
offensive  and  defensive  operations  are  disappearing 

•  Information  weapons  enable  asymmetric  operations  that  eounteract 
adversary  advantages  and  allow  the  formation  of  a  resistance  front 
throughout  the  entirety  of  enemy  territory 

•  Information  confrontation  creates  opportunities  to  lower  the  adversary’s 

combat  potential. 206 


203  Roger  McDermott,  “Myth  and  Reality — A  Net  Assessment  of  Russia’s  ‘Hybrid  Warfare’  Strategy 
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The  nature  of  modern  eonfliet  neeessitates  that  information  warfare  spans  all  phases  of 
eonfliet  and  ineludes  military  and  non-military  forces  (see  Figure  2). 
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Figure  2.  Role  of  Non-military  Means  for  Resolving  Interstate  Conflicts 
According  to  the  Gerasimov  doctrine. 


Gerasimov’s  article,  if  it  eventually  translates  into  Russian  military  doctrine, 
establishes  an  aggressive,  offensive  cyber  posture.  Information  activities  against  another 
state  may  begin  ahead  of  overt  political  and  military  crises,  and  if  executed  according  to 
doctrine,  will  employ  means  and  methods  that  will  be  difficult  to  attribute  to  the  military 
and  to  the  Russian  Federation.  Disconcertingly,  the  doctrine  does  not  discuss  the  use  of 

Gerasimov,  “Tsennost’  Nauki  v  Vredvidenii.”  [The  author's  translations  are  in  red  font.] 
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information  weapons  for  deterrence  or  de-escalation  during  the  initial  phases  of 
conflicts — instead,  information  weapons  will  have  only  an  offensive  role. 

This  doctrinal  formulation  of  the  role  of  information  weapons  is  potentially  highly 
disruptive  to  international  security.  By  doctrinal  implication,  all  pro-Russian  activity  in 
the  information  environment  is  potentially  threatening  to  other  states.  A  Russian 
company’s  investment  into  another  nation’s  telecommunications  infrastructure  may  be  a 
covert  Phase  1  attempt  to  gain  access  to  critical  infrastructure.  Similarly,  a  DDoS  attack 
or  a  website  defacement  of  a  particular  political  group  may  signal  an  attempt  to  influence 
political  opinions  or  morale.  A  significant  security  problem  stemming  from  the 
Gerasimov  Doctrine  is  that  countries  that  consider  Russia  as  a  potential  security  threat 
may  now  see  neutral  Russian  actions  or  hostile  non-Russian  actions  in  cyberspace  as 
covert  hostile  acts  in  preparation  for  a  wider  conflict.  Although  according  to  the  realist 
worldview,  states  are  naturally  distrustful  of  other  states,  the  Gerasimov  Doctrine 
exacerbates  mistrust  toward  Russia. 

C.  INTERNATIONAL  POSITION 

It  is  apparent  from  unofficial  and  official  Russian  information  warfare  discussion 
that  international  engagement  in  cyberspace  is  an  essential  element  of  their  cyber 
posture — Timothy  Thomas  considers  international  efforts  to  be  one  prong  of  Russians’ 
strategic  approach  to  security.  208  These  efforts  at  international  engagement  have  not 
always  been  successful  at  creating  international  consensus,  but  they  have  outlined  a  clear 
vision  for  a  potential  Internet  structure.  More  so,  this  Russian  proposition  for 
international  cyber  norms  is  already  being  implemented  through  regional  Eurasian  blocs: 
Russia’s  vision  for  information  security  is  not  just  rhetorical. 

1,  United  Nations 

The  Russian  Federation’s  substantive  efforts  to  shape  the  international  cyber 
discussion  began  in  1998,  with  Russia’s  modest  proposal  at  the  United  Nations  General 
Assembly’s  Fifty-third  session  to  solicit  information  security  views  and  assessments  from 
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member  states.  Specifically,  Resolution  53/70,  “Developments  in  the  Field  of 
Information  and  Telecommunications  in  the  Context  of  International  Security,”  called  on 
U.N.  members  to  promote  international  consideration  of  information  threats  and  invited 
members  to  provide  their  views  on  information  security  in  general,  on  definitions,  and  on 
the  advisability  of  developing  international  principles  to  address  information  terrorism 
and  criminality. 209  Though  it  recognized  information  technology’s  potential  military 
applications,  the  resolution  did  not  address  information  security  as  a  military  issue, 
however. 

The  resolution  achieved  its  intent  of  opening  an  international  dialogue  on 
information  security.  For  example,  in  the  2010  “Report  of  the  Secretary  General,”  in 
response  to  A/RES/53/70,  Cuba  took  the  opportunity  to  express  its  concerns  with  “radio¬ 
electric  aggression  against  Cuba  from  United  States,”  accusing  the  United  States  of 
violating  Cuba’s  sovereignty  through  provocative  and  subversive  radio  and  television 
broadcasts. 2 10  A  similar  report  from  Georgia  in  A/RES/69/112  voiced  the  state’s 
concerns  about  the  use  of  cyber  weapons  during  the  2008  Russo-Georgian  conflict. 211 
This  forum  has  also  allowed  NATO  and  OSCE  member  states  to  articulate  their 
perspectives  on  international  information  security  strategies. 

More  importantly,  Russia’s  1998  resolution  also  initiated  a  parallel  U.N.  process 
for  studying  cyber  threats.  Again  thanks  to  Moscow’s  advocacy,  the  U.N.  assembled  a 
fifteen-member  Group  of  Governmental  Experts  (GGE)  with  a  mission  to  evaluate  cyber 
threats  and  to  propose  cooperative  solutions.  The  Group’s  first  effort  in  2004  failed; 
according  to  the  GGE’s  report  to  the  Secretary-General,  “given  the  complexity  of  the 
issues  involved,  no  consensus  was  reached  on  the  preparation  of  the  final  report.”2i2  The 
main  stumbling  block,  according  to  a  member  of  the  Russian  delegation,  was  the 
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applicability  of  intemational  humanitarian  law.2i3  The  U.N.  Office  for  Disarmament 
Affairs  elarifies  the  issues  faced  by  the  first  GGE: 


The  first  issue  was  the  question  of  the  impact  of  developments  in 
information  and  communieations  teehnologies  (ICTs)  on  national  seeurity 
and  military  affairs.  While  there  was  general  agreement  regarding  the 
importanee  of  such  developments,  consensus  could  not  be  found  on  the 
amount  of  emphasis  to  be  plaeed  on  this  concern,  and  whether  or  not  to 
include  language  that  stressed  the  new  threats  posed  by  State  exploitation 
of  ICTs  for  military  and  national  security  purposes. 

The  seeond  issue  was  the  question  of  whether  the  discussion  should 
address  issues  of  information  eontent  or  should  focus  only  on  information 
infrastructures.  There  was  partieular  disagreement  regarding  the  claim  that 
trans-border  information  content  should  be  controlled  as  a  matter  of 
national  security.  2 

In  short,  the  GGE  was  divided  on  whether  information  seeurity  considered  only  hostile 
code  or  also  reeognized  hostile  content. 

Despite  the  initial  impasse,  the  GGE  succeeded  in  publishing  its  first  report  in 
November  2005.  Of  the  164  nations  voting,  the  United  States  was  the  sole  country  to  vote 
against  the  draft  information  security  resolution  in  that  report.2i5  The  cause  of  the 
resolution’s  eontentiousness  was  the  U.S.  concern  that  information  technologies  “may 
adversely  affeet  the  integrity  of  the  infrastrueture  of  States  to  the  detriment  of  their 
security  in  both  civil  and  military  fields. ”216  What  the  United  States  considered  implieit 
in  the  resolution  was  an  attempt  to  establish  the  groundwork  for  measures  that  would 
allow  states  to  restriet  perceived  malieious  information  flow  across  state  boundaries.  The 
United  States  also  stated  that  the  Russian  proposal  failed  to  foeus  on  eybererime  and 


213  xini  Maurer,  “Cyber  Norm  Emergence  at  the  United  Nations — An  Analysis  of  the  UN's  Activities 
Regarding  Cyber-security,  ”  Discussion  Paper  2011-12,  Science,  Technology,  and  Public  Policy  Program, 
Belfer  Center  for  Science  and  Intemational  Affairs,  Harvard  Kennedy  School,  (September  2011):  22. 

214  “Fact  Sheet:  Developments  in  the  Field  of  Information  and  Telecommunications  in  the  Context  of 
Intemational  Security,”  U.N.  Office  for  Disarmament  Affairs,  last  modified  June  2013, 
http://www.un.org/disarmament/HomePage/factsheet/iob/Information_Security_Fact_Sheet.pdf 

213  Developments  in  the  Field  of  Information  and  Telecommunications  in  the  Context  of  International 
Security,  A/60/452,  United  Nations,  60th  sess.  (2005):  2. 

216  Developments  in  the  Field  of  Information  and  Telecommunications,  3. 
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unnecessarily  emphasized  military  concerns,  which  the  United  States  considered  to  be 
already  addressed  under  existing  international  humanitarian  law.217 

The  2005  resolution  included  provisions  for  subsequent  GGEs,  which  produced 
reports  in  2009  and  2013.  The  second  and  third  GGE’s  reports  and  resolutions  have 
advanced  the  discussion  on  information  security.  The  2013  report,  A/68/98,  recognized 
the  dual-use  nature  of  Information  and  Communications  Technologies  (ICT)  as  either 
legitimate  or  malicious,  the  security  challenge  posed  by  global  interconnectedness  and 
anonymity,  and  the  hostile  potential  of  state  and  non-state  actors.  It  also  emphasized 
responsible  state  behavior,  particularly  state  sovereignty  and  jurisdiction  over  ICT 
infrastructure,  as  well  as  states’  responsibilities  for  proxies  and  operation  of  non-State 
actors  within  national  jurisdiction.218  This  formulation  seems  to  be  a  Russian  concession 
to  accusations  of  its  permissive  attitude  toward  the  pro-Russian  cyber  attacks  against 
Estonia  and  Georgia;  by  condemning  and  disavowing  as  illegitimate  the  sort  of  hostile 
acts  that  were  previously  associated  with  Russia,  Russia’s  diplomats  have  in  return 
gained  acceptance  of  broader  definitions  of  threats  and  inserted  references  to  domestic 
cyber  sovereignty  and  hostile  content.  The  potential  significance  of  the  current  stage  of 
U.N.  discussion  might,  therefore,  be  a  mutual  recognition  of  subjective  cyber  threats 
perceived  by  the  Western  and  Russian  governments. 

Perhaps  just  as  important  as  its  success  in  shaping  the  cyber  terminology  via  U.N. 
resolutions,  Russia  has  managed  to  increase  international  support  for  its  initiatives  and 
perspective.  Through  2005,  Russia  was  the  sole  sponsor  of  its  resolutions  on  information 
security.  Erom  2006  to  2009,  Russia  attracted  29  cosponsors,  including  the  People’s 
Republic  of  China.  In  2010,  The  United  States  also  joined  as  a  co-sponsor — a  notable 
change  of  position  for  a  state  that  had  voted  against  the  resolutions  from  2005-2008  (the 
United  States  neither  co-sponsored  nor  vetoed  the  resolution  in  2013). ^19  This  trend, 

21^  Developments  in  the  field  of  Information  and  Telecommunications  in  the  Context  of  International 
Security,  Addendum,  A/59/1 16/Add. 1,  United  Nations,  59th  sess.  (2004):  3-4. 

218  Group  of  Governmental  Experts  on  Developments  in  the  Field  of  Information  and 
Telecommunications  in  the  Context  of  International  Security,  A/68/98,  United  Nations,  68th  sess.  (2013): 
6-7. 

219  Maurer,  “Cyber  Norm  Emergence,”  26-7. 
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however,  does  not  necessarily  imply  that  the  Russian  position  has  shifted  closer  to  the 
U.S.’s.  Among  the  43  cosponsors  of  the  2013  Resolution  were  Belarus,  China,  Cuba,  the 
Democratic  People’s  Republic  of  Korea,  Myanmar,  the  Syrian  Arab  Republic,  Sierra 
Leone,  Turkmenistan,  and  the  Sudan — not  a  single  E.U.  member  state  cosponsored  it. 220 
It  appears  that  Russian  advocacy  of  cyber  norms  favoring  its  cyber  threat  perception  is 
gaining  increasing  support  in  the  U.N.;  the  Russian  Federation’s  vision  of  an  international 
information  security  regime  seems  to  have  attracted  a  following  of  like-minded  states. 

The  Shanghai  Cooperation  Organization  (SCO)  is  the  core  of  the  international 
bloc  through  which  the  Russian  Federation  is  attempting  to  influence  the  global 
international  system.  Following  Russia’s  successful  sponsorship  in  2005  of  A/RFS/60/45, 
“Developments  in  the  Field  of  Information  and  Telecommunications  in  the  Context  of 
International  Security,”  the  heads  of  SCO  member  states  released  a  statement  on 
information  security,  endorsing  the  U.N.’s  approach.  Several  Russian  information 
security  concerns  are  evident  in  the  statement:  ICT  threats  to  internal  affairs  of  sovereign 
states,  military  and  political  ICT  uses  that  threaten  international  stability,  and  the  ongoing 
use  of  ICTs  by  some  countries  that  adversely  affect  the  whole  world.221  Unlike  the  U.N. 
resolutions’  wording  that  leaves  room  for  multiple  interpretations,  Russia’s  position 
expressed  via  the  SCO  is  unambiguous:  Russia  believes  that  the  United  States  is  using 
information  weapons,  or  hostile  content,  to  destabilize  other  states,  interfering  in  their 
internal  affairs. 

In  2011,  four  members  of  the  SCO,  China;  Russia;  Tajikistan;  and  Uzbekistan, 
appealed  to  the  U.N.  for  an  International  Code  of  Conduct  for  information  security. 
Though  the  preamble  to  the  Code  of  Conduct  echoed  the  wording  of  U.N.  resolutions,  its 
recommendations  more  closely  resembled  SCO  statement  on  information  security. 
Foremost  in  the  Code  of  Conduct  is  a  pledge  to  neither  carry  out  hostile  acts  nor 


220  Developments  in  the  Field  of  Information  and  Telecommunications  in  the  Context  of  International 
Security,  A/68/406,  United  Nations,  68th  sess.  (2013):  2. 

221  “Zayavleniye  Glav  Gosudarstv-Chlenov  SHOS  po  Mezhdunarodnoy  Informatsionnoy 
Bezopasnosti  [Statement  of  Heads  of  SCO  Member  States  on  International  Information  Security],”  The 
Shanghai  Cooperation  Organization,  last  modified  June  15,  2006, 
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proliferate  information  weapons.  The  Code  of  Conduct  pledge  repeatedly  stresses  mutual 
respect  of  state  sovereignty — states  may  defend  their  information  space  against  various 
threats  according  to  their  own  definitions  of  such  threats,  and  according  to  their  own 
definitions  of  rights  and  freedoms  in  the  information  space.  In  addition,  states  that  accept 
the  Code  of  Conduct  must  also  cooperate  with  other  states  in  “curbing  the  dissemination 
of  information  that... undermines  other  countries’  political,  economic,  and  social 
stability.”222  Russia’s  proposed  Code  of  Conduct  not  only  codifies  content  as  hostile,  but 
also  obligates  other  states  to  assist  Russia  in  removing  hostile  content,  even  within  their 
own  cyberspace. 

Though  Russian  efforts  at  the  United  Nations  have  not  resulted  in  a 
predominantly  pro-Russian  international  consensus,  they  are  indicative  of  Russia’s 
posture  and  intentions.  The  Russian  Federation  continues  to  work  toward  an  international 
framework  that  establishes  cyber  assurances  and  reduces  the  cyber  arms  race  as  Russia 
sees  that  race  to  be  unfolding.  Its  defensive  tone  is  slowly  gaining  international 
acceptance  and  support  as  other  illiberal  democracies  and  authoritarian  regimes  that  share 
Russian  security  concerns  align  themselves  with  Russia’s  position. 

2,  Draft  Convention  on  International  Information  Security 

Within  ten  days  of  proposing  the  Code  of  Conduct  to  the  U.N.,  Russia  presented  a 
conceptual  Convention  on  International  Information  Security  at  the  2nd  International 
Meeting  of  High-Ranking  Officials  Responsible  for  Security  Matters — an  effort  to  shape 
international  discourse  concurrently  with  similar  U.N.  efforts.  This  document  is  a  lucid 
articulation  of  Russian  perceptions  of  information  threats,  and  Russia’s  international 
agenda.  Keir  Giles  succinctly  summarizes  the  draft  Convention:  the  Russian  vision  of 
Internet  governance  espouses  “important  caveats  on  the  flow  of  information  and  an 
insistence  on  national  sovereignty  in  cyberspace. ”223 


222  Letter  Dated  12  September  2011  From  the  Permanent  Representatives  of  China,  the  Russian 
Federation,  Tajikistan,  and  Uzbekistan  to  the  United  Nations  Addressed  to  the  Secretary-General, 
A/66/359,  United  Nations,  66th  sess.  (2011):  4. 

223  Giles,  “Russia’s  Public  Stance,”  67. 
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From  the  outset,  Russia  proposes  a  trade-off  between  freedom  of  information  flow 
and  openness,  in  Article  1,  Subject  and  Aim  of  the  Convention.  The  Convention  defines 
the  rights  of  government  in  the  information  spaces  as  “compatible  with  the  right  of  each 
individual  to  seek,  receive,  and  distribute  information  and  ideas,  as  is  affirmed  in  UN 
documents,  while  keeping  in  mind  that  this  right  may  be  restricted  through  legislation  to 
protect  the  national  and  social  security  of  each  State”  and  “guaranteeing  the  free 
exchange  of  technology  and  information,  while  maintaining  respect  for  the  sovereignty  of 
States. ”224  In  order  to  promote  international  peace  and  security,  including  non¬ 
interference  in  domestic  issues,  the  Convention  proposes  a  version  of  the  Internet  subject 
to  the  domestic  politics  of  participating  states. 

These  aims  follow  from  Russia’s  definition  of  information  threats  to  international 
security.  Of  the  eleven  stated  threats,  three  derive  from  the  Russian  understanding  of  the 
information-psychological  aspect  of  information  warfare: 

4)  actions  in  the  information  space  aimed  at  undermining  the  political, 
economic,  and  social  system  of  another  government,  and  psychological 
campaigns  carried  out  against  the  population  of  a  State  with  the  intent  of 
destabilizing  society. . . 

6)  the  dissemination  of  information  across  national  borders,  in  a  manner 
counter  to  the  principles  and  norms  of  international  law,  as  well  as  the 
national  legislation  of  the  government  involved. . . 

8)  the  manipulation  of  the  flow  of  information  in  the  information  space  of 
other  governments,  disinformation  or  the  concealment  of  information  with 
the  goal  of  adversely  affecting  the  psychological  or  spiritual  state  of 
society,  or  eroding  traditional  cultural,  moral,  ethical,  and  aesthetic 

values 225 

These  threats  are  also  captured  in  the  Convention’s  definition  of  information  warfare, 
which,  in  addition  to  information-technical  attacks,  includes  psychological  campaigns 
intended  to  destabilize  society  and  government. 

In  its  principles  for  ensuring  international  information  security,  the  Convention 
reiterates  the  observance  of  non-use  of  force,  illegality  of  information  warfare,  non- 

224  “Convention  on  International  Information  Security.” 
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interference  in  foreign  information  spaces,  necessity  for  balancing  human  rights  and 
information  security,  and  primacy  of  national  sovereignty  with  respect  to  Internet 
governance.  It  also  introduces  appeals  to  the  notion  of  indivisibility  of  security, 
prohibiting  states  from  strengthening  “their  security  at  the  expense  of  the  security  of 
other  states. ”226  This  appeal,  as  Keir  Giles  argues,  is  based  on  loaded  term  that  masks 
different  understandings  of  “indivisibility  of  security”  by  Russia  and  the  West.  227  What 
the  Convention  implies  behind  the  concept  is  unclear,  but  based  on  the  subsequent 
principle  addressing  the  need  for  bridging  a  digital  divide  among  various  states,  Russia 
may  be  alluding  to  U.S.  investment  in  military  cyber  forces.  If  so,  the  Convention  echoes 
Jervis's  definition  of  the  security  dilemma;  a  situation  in  which  purely  defensive 
investments  increase  the  insecurity  of  other  states.  For  this  to  occur,  however,  postures 
must  be  indistinguishable  as  offensive  or  defensive.  Therefore,  Russia's  claim  that  other 
states'  information  security  investments  violate  the  principle  of  indivisibility  of  security 
implies  that  Russians  view  the  international  environment  as  one  in  which  cyber  postures 
cannot  be  easily  distinguished. 

Chapters  2,  3,  and  4  of  the  draft  Convention  propose  measures  for  averting 
military  conflict,  preventing  terrorist  use,  and  counteracting  illegal  activities.  Among 
these  proposed  measures  several  stand  out.  To  prevent  military  conflict,  states  adopting 
the  Convention,  must  agree  not  only  to  refrain  from  undertaking  or  threatening  with 
hostile  actions,  but  must  also  “refrain  from  developing  and  adopting  plans  or  doctrines 
capable  of  increasing  threats... straining  relations. ”228  States  must  also  take  measures  to 
prevent  “untruthful  or  distorted  messages”  originating  within  their  own  information  space 
that  other  states  might  consider  hostile. 229  Effectively,  the  Convention  seeks  not  just  a 
freeze  on  military  development  in  cyberspace,  but  mandates  that  states  take  action  to 
assuage  the  security  concerns  of  other  states,  according  to  those  states’  threat  perceptions. 
This  framework  for  international  security  extends  the  responsibility  for  states  to  respond 

226  “Convention  on  International  Information  Security.” 

227  Giles,  “Russia’s  Public  Stance,”  65. 
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to  the  actions  of  domestic  non-state  actors,  upon  the  request  of  aggrieved  states, 
suggesting  that  not  all  states  have  the  domestic  capacity  to  defend  themselves. 

Though  Russia  has  not  advocated  for  this  conceptual  convention  to  be  proposed  at 
the  United  Nations,  it  has  presented  an  alternative  to  Western  approaches,  particularly  to 
the  Council  of  Europe  Convention  on  Cyber  crime  that  Russia  has  not  signed.  230  The 
Convention  articulates  a  vision  for  the  Internet  that  may  appeal  to  states  that  are  not  able 
to  safeguard  their  information  space.  Its  emphasis  on  military  restrictions  along  with 
criminal  countermeasures  likely  reflects  its  own  insecurity  and  defensive  orientation. 
Russia  appears  willing  to  cooperate  internationally,  preventing  events  like  the  2007 
Estonia  cyber  attacks  or  curbing  its  cybercriminal  underground,  to  gain  broader  security 
guarantees  and  to  halt  the  development  of  America’s  military  cyber  power.  This  may 
imply  that  Russia  places  more  strategic  value  on  defending  against  its  perceived  global 
information  threat  than  on  the  offensive  capability  used  during  the  Estonia  attacks. 

D,  HYPOTHESIS  ASSESSMENT 

The  dominant  theme  throughout  Russian  scholarly  discourse,  official  documents, 
military  doctrine,  and  international  efforts  is  that  Russia  feels  vulnerable  in  cyberspace 
relative  to  other  great  powers,  and  takes  a  defensive  posture  on  cyberspace  issues. 23i 
Cyber  power,  according  to  David  Betz  and  Tim  Stevens,  can  be  subdivided  as 
compulsory,  institutional,  structural,  or  productive. 232  The  Russian  position  seems  to 
recognize  a  capability  gap  in  its  compulsory,  structural,  and  productive  cyber  power; 
consequently,  Russia  appears  to  focus  its  efforts  on  developing  and  exercising  its 
institutional  cyber  power.  The  intent  of  these  efforts  is  either  to  eliminate  Russia’s  cyber 
vulnerabilities  through  an  international  prohibition  on  the  types  of  weapons  that  they 
perceive  as  threatening,  or  to  buy  time  to  develop  its  own  offensive  capability  by  stalling 
leading  cyber  powers.  This  interpretation  supports  H3.  Russia’s  cyber  capability  is 

230  Giles,  “Russia’s  Public  Stance,”  66-67. 

23 1  [This  analysis  assumes  that  Russian  sources  genuinely  convey  Russian  security  concerns,  and  that 
they  are  not  deliberately  misleading.  Because  Russia  places  high  value  on  information  operations,  this  may 
be  an  incorrect  assumption,  but  the  author  did  not  find  sources  that  suggest  a  misinformation  campaign.] 

232  David  J.  Betz  and  Tim  Stevens,  “Chapter  One:  Power  and  Cyberspace,”  Adelphi  Series  51,  no.  424 
(2011):  42-53.  doi:  10.1080/19445571.2011.636954. 
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offensive  and  the  posture  is  distinguishable  as  either  offensive  or  defensive  and  H4. 
Russia’s  cyber  capability  is  defensive  and  the  posture  is  distinguishable  as  either 
offensive  or  defensive.  There  are  several  nuanees  to  Russia’s  position  that  potentially 
weaken  this  interpretation,  however. 

First,  beeause  the  Russian  eoneept  of  eyber  eapability  is  inextrieably  linked  to  the 
notion  of  information  eonfrontation,  its  posture  refleets  Russia’s  unique  understanding  of 
the  international  system.  That  is,  Russia’s  defensive  posture  reflects  a  different  set  of 
threats  and  a  different  understanding  of  a  security  dilemma.  The  West’s  understanding  of 
the  cyber  security  dilemma  does  not  consider,  for  example,  non-governmental 
organizations  that  promote  democratic  reforms  as  a  potential  means  of  hostile 
confrontation — Russia’s  understanding  does.  Because  of  this  divergent  understanding, 
Russia  sees  its  own  vulnerabilities  and  hostile  enemy  capabilities  where  others  might  not. 
Thus,  in  considering  Russia’s  posture  and  intentions,  it  is  important  to  recognize  that  if  its 
state-level  intentions  or  posture  seems  inconsistent  with  an  international-level 
understanding  of  the  security  dilemma,  this  may  be  the  consequence  not  of  Russian 
deliberate  misalignment  or  misunderstanding  or  the  international  system,  but  instead  the 
result  of  a  fundamentally  different  understanding  of  cyber  power. 

Another  confounding  factor  is  the  longitudinal  aspect  of  this  chapter’s  analysis — 
Russia’s  posture  has  changed  over  time.  Though  the  documents  differ  in  scope  and  focus, 
the  shallow  consideration  of  information  security  issues  in  the  Russian  Federation 
National  Security  Strategy  Through  2020  may  suggest  that  Russian  insecurity  is 
decreasing  relative  to  the  security  assessment  at  the  publication  of  the  Information 
Security  Doctrine.  At  the  very  least,  the  sparse  references  to  information  security  in 
National  Security  Strategy  make  assessment  of  Russia’s  posture  more  difficult  than  the 
clearly  expressed  concerns  of  the  much  earlier  Information  Security  Doctrine.  This 
Chapter’s  cross-sectional  methodology  that  also  considered  international  efforts  and 
scholarly  opinions  may  mitigate  some  of  these  concerns,  however.  The  contemporaneous 
stance  of  Russian  scholars  and  military  officers,  as  well  as  Russian  international  efforts, 
compensate  for  the  National  Security  Strategy 's  ambiguity. 
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Developments  in  the  Russian  military  doetrine  also  eomplieate  posture  analysis. 
The  Military  Doctrine  of  the  Russian  Federation  appears  to  be  defensive,  but  vague;  the 
Conceptual  Views  Regarding  the  Activities  of  the  Armed  Forces  of  the  Russian 
Federation  in  Information  Space  was  defensively-minded;  and  the  Gerasimov  doetrine 
appears  highly  aggressive.  This  apparent  contradiction  of  doctrinal  views  reduces  the 
level  of  certainty  in  Russia’s  cyber  posture.  It  may  be  possible  to  reconcile  these 
contradictory  views  somewhat.  Russia’s  defensive  posture  seems  oriented  toward 
Russia’s  perceived  global  information  confrontation  with  America.  Russia’s  offensive 
posture,  on  the  other  hand,  is  oriented  toward  its  near  abroad.  Depending  on  the  relative 
balance  of  cyber  power,  Russia  acts  defensively  or  aggressively.  Alternatively,  it  may  be 
the  case  that  Russia’s  aggression  on  its  periphery  stems  from  its  defensive  insecurity.  As 
John  Mearsheimer  argues  more  broadly  about  the  conflict  in  Ukraine,  Russia’s  aggressive 
actions  toward  its  neighbors  may  be  seen  as  a  defensive  a  reaction  to  encroachment  on  a 
great  power’s  periphery.233 

In  summary,  this  chapter  evaluated  whether  Russia’s  cyber  posture  is 
distinguishable — Robert  Jervis’s  second  critical  variable  that  determines  the  security 
dilemma.  The  author’s  conclusion  based  on  Russian  public  and  official  sources  suggests 
that  the  posture  is  most  accurately  distinguished  as  defensive.  Like  Russia’s  changing 
cyber  weapons  investments,  this  posture  is  also  dynamic.  In  addition  to  the  inherent 
difficulty  in  ascertaining  whether  the  publically-perceived  posture  genuinely  reflects  the 
Russian  government’s  actual  intentions,  inconsistencies  among  Russian  sources  might 
suggest  that  the  Russian  cyber  posture  is  changing.  Nonetheless,  the  preponderance  of 
evidence  points  to  a  predominantly  defensive  posture. 


333  John  Mearsheimer,  “Why  the  Ukraine  Crisis  Is  the  West’s  Fault,”  Foreign  Affairs  93,  no.  5 
(September  2014):  77-89.  Business  Source  Complete,  EBSCOhost  (accessed  February  1,  2015). 
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IV.  CONCLUSION 


This  final  chapter  uses  the  evidenee,  findings,  and  warrants  from  the  previous 
evidentiary  chapters  that  evaluated  Russia’s  cyber  power  according  to  Robert  Jervis’s 
offense-defense  variables.  The  first  section  determines  the  dominant  hypothesis  that 
answers  the  author’s  researeh  question;  what  are  Russia’s  eapabilities  and  intentions  in 
eyberspace?  Based  on  the  dominant  hypothesis,  the  following  section  addresses  the 
study’s  implications  and  significance  for  both  the  international  relations  understanding  of 
Russian  cyber  power  and  the  efficaey  of  using  offense-defense  theory  to  study  this  issue. 
The  final  section  of  the  chapter  acknowledges  the  limitations  of  this  study  and  proposes 
topics  for  subsequent  researeh. 

A,  HYPOTHESIS  ASSESSMENT 

Chapters  II  and  III  ascertained  that  Russia’s  eyber  eapability  is  offensive  and  that 
its  posture  is  distinguishable,  speeifically  that  it  is  defensive.  These  conclusions  support 
hypothesis  three: 

H3.  Russia’s  cyber  capability  is  offensive  and  the  posture  is  distinguishable  as 
either  offensive  or  defensive. 

According  to  Robert  Jervis’s  Four  Worlds  model,  an  international  system  that  reflects 
this  hypothesis  does  not  inherently  lead  to  a  seeurity  dilemma,  but  it  does  allow  for 
cireumstances  under  whieh  revisionist  or  even  status-quo  states  might  war. 234  if  the 
postures  of  all  major  states  were  like  Russia’s,  according  to  Jervis,  “states  will  have  to 
wateh  each  other  earefully,  and  there  is  room  for  false  suspieions”;  it  is  a  world  in  whieh 
stability  depends  on  early  warnings. 235  in  cyberspace,  surveillance  and  deteetion  of 
aggressive  intentions  is  especially  difficult;  and  Russia’s  bellicose  behavior,  aggressive 
Gerasimov  doetrine,  and  overt  efforts  at  manipulating  international  pereeptions  suggest 
that  other  states  should  be  espeeially  wary  of  the  Russian  Federation. 


234  Jervis,  “Cooperation  Under  the  Security  Dilemma,  ”  213-4. 

235  Ibid.,  213. 
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Recent  Russian  efforts  seek  to  harden  its  cyber  terrain  as  well  as  improving 
domestic  Internet  governance,  perhaps  signaling  that  it  is  attempting  to  dampen  security 
dilemma  pressures.  This  may  not  necessarily  be  the  case,  however,  since  even  defensive 
investments  might  make  other  states  feel  more  insecure.  For  example,  Russian 
restrictions  on  anonymous  domestic  Internet  use  may  limit  Russia’s  own  offensive 
capability  since  it  will  be  more  difficult  to  conduct  unattributed  attacks  from  within 
Russia’s  cyber  terrain,  but  such  changes  also  increase  the  cost  for  others  to  conduct 
attacks  on  Russian  targets.  Similarly,  although  Russian  law  enforcement  authorities 
dismantled  the  Russian  Business  Network  cybercrime  organization,  a  sophisticated  and 
decentralized  cyber  underground  has  emerged  in  its  place.  Russian  investments  in 
domestically  focused  firewalls,  content  filters,  and  SORM  devices  appear  to  defend 
against  domestic  hostile  content,  but  the  underlying  technology  can  be  reoriented 
externally  as  well.  Russia’s  goal  appears  to  be  to  create  a  fractured  Internet  and  to  have 
the  ability  to  exert  control  over  the  content  and  logic  within  its  cyberspace.  The  following 
section  outlines  some  possible  consequences  of  a  “fractured  Internet.” 

Although  Russian  documents  cite  purely  defensive  security  concerns  for  these 
developments,  they  may  in  reality  be  a  defensive  buildup  to  deny  preemptive  or  counter 
attacks.  It  may  be  more  likely  that  Russia  is  on  a  trajectory  that  would  move  it  closer  to 
Jervis’s  unstable  first  world  case;  a  world  in  which  offense  dominates,  and  the  posture  is 
indistinguishable  as  offensive  or  defensive.  Specifically,  Russia  has  muddled  the  degree 
to  which  states  can  clearly  distinguish  its  posture  as  defensive.  Whereas  Russian 
academic  and  military  discussions  of  cyber  power  increasingly  discuss  its  offensive 
applications  as  both  hostile  code  and  content,  Russian  official  doctrine  and  government 
policy  makes  less  mention  of  cyber  security  considerations.  This  may  suggest  a  shift  in 
Russian  posture  toward  a  more  aggressive  and  secretive  stance;  the  Gerasimov  Doctrine 
may  have  provided  an  unofficial  insight  into  this  new,  more  aggressive  view  on 
employing  cyber  power.  As  with  Russia’s  initiatives  to  harden  its  cyber  terrain,  this 
change  in  posture  similarly  increases  uncertainty  about  Russia’s  intentions;  this  increased 
uncertainty  and  reliance  on  perceptions  is  likely  to  increase  security  dilemma  pressures 
on  the  international  system,  or  at  least  among  Russia’s  neighbors. 
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Additionally,  although  this  paper  applied  Jervis’s  offense-defense  theory  at  the 
state  level,  the  resulting  hypothesis  should  also  be  interpreted  in  the  eontext  of  the 
international  system.  Russia’s  seeurity  eoneerns  appear  to  be  based  on  perceived 
vulnerability  relative  to  the  aggressive  behavior  of  other  great  powers — responding  to 
their  content-as-a-weapon  offensive  intended  to  destabilize  Russia’s  domestic 
environment,  according  to  Russian  leaders.  Despite  this  publically-articulated  security 
concern,  Russians,  or  pro-Russian  proxies,  have  also  used  its  offensive  cyber  capabilities 
against  their  neighbors.  Russia’s  capabilities,  perceptions,  and  posture  in  cyberspace, 
therefore,  differ  depending  on  one’s  perspective;  it  acts  defensively  relative  to  other  great 
powers,  but  offensively  as  a  would-be  regional  hegemon. 

Although  this  net  assessment  appears  nuanced,  it  fits  a  theoretical  pattern  that 
Stephen  van  Evera  hypothesized  as  a  consequence  of  the  offense-defense  theory 
paradigm  for  the  causes  of  war.  He  described  ten  explanations  for  why  some  states  may 
choose  to  go  to  war  in  a  world  in  which  offense  dominates,  and  two  of  these 
complimentary  hypotheses  appear  to  match  Russia’s  behavior;  defensive  expansionism 
and  fierce  resistance  to  expansion. 236  According  to  van  Evera,  when  conquest  is  easy, 
states  compete  more  aggressively  for  resources  on  their  periphery,  creating  buffer  zones, 
expanding  their  own  resources,  and,  importantly,  preempting  adversaries’  expansion  into 
the  same  space. 237  Applying  this  concept  to  the  cyber  domain,  using  the  Russian  concept 
of  both  hostile  code  and  hostile  content,  Russian  cyber  aggression  towards  its  neighbors 
is  an  attempt  to  preempt  or  thwart  what  current  Russian  leaders  perceive — evidenced 
according  to  them  by  color  revolutions  and  the  Arab  Spring — as  adversarial  expansion  by 
hostile  powers  into  the  same  information  space.  Russia's  global  defensive  posture,  but 
local  aggressiveness,  therefore,  suggests  that  Russia’s  role  in  cyberspace  may  be 
categorized  as  motivated  by  defensive  expansion. 

Einally,  the  author  anticipated  that  a  potential  research  outcome  could  be  an 
inapplicability  of  offense-defense  theory  to  the  subject  of  Russian  cyber  capability — 
hypothesis  five.  With  modifications  to  suit  a  state-level  analysis  and  the  distinctive 

236  Evera,  “Offense,  Defense,  and  the  Causes  of  War,”  7. 

237  Ibid.,  7-9 
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properties  of  eyber  power,  this  theoretical  framework  appears  applicable  and  effective. 
More  so,  because  the  offense-defense  paradigm  assessment  of  Russian  behavior  comports 
with  Stephen  van  Evera’s  theoretical  pattern  of  state  behavior,  this  approach  also 
demonstrates  internal  theoretical  consistency  and  parsimony  for  applying  Robert  Jervis’s 
offense-defense  theory  to  the  study  of  cyber  power. 

B,  LIMITATIONS  AND  FUTURE  RESEARCH 

The  secrecy  necessary  to  develop  and  preserve  sophisticated  cyber  weapons  and 
to  establish  and  maintain  persistent  access  to  potential  adversaries’  cyber  assets,  as  well 
as  the  difficulty  in  attributing  offensive  cyber  operations,  complicate  cyber  capability 
assessments.  In  the  relatively  short  history  of  cyber  conflict  many  of  the  key  international 
cyber  events  have  been  associated  with  Russia,  and  this  study  benefits  from  having  a 
historical  record  of  what  might  otherwise  be  a  silent  arms  race. 238  Despite  the  public 
knowledge  and  scholarly  examination  of  Russia-affiliated  cyber  events,  the  evidence  still 
presents  analytic  challenges.  Most  importantly,  the  challenge  of  positive  attribution  and 
the  difficulty  in  assessing  the  degree  of  control  that  the  Russian  government  has  over  its 
proxy  cyber  actors  means  that  it  is  possible  that  the  author  incorrectly  attributed  these 
capabilities.  Similarly,  the  secrecy  of  high-end  Russian  cyber  weapons  requires  relying 
on  other  states'  speculations  about  such  capabilities.  Official  Russian  documents  also 
demand  skepticism;  it  is  almost  certain  that  Russian  doctrine  and  strategy  in  cyberspace 
is  more  thoroughly  addressed  in  classified  forums.  These  challenges  are  not  as  troubling 
as  they  appear,  however.  Russian-affiliated  cyber  attacks  have  typically  relied  on  low- 
sophistication  cyber  weapons  that  were  widely  known  and  available;  Russia’s  main  cyber 
capability  is  not  secret.  States  that  perceive  Russia  as  a  cyber  threat  may,  therefore, 
protect  against  most  of  Russian  offensive  cyber  capability  by  investing  in  defenses 
against  known  vulnerabilities  and  exploits. 

A  merit  of  offense-defense  theory  is  that  it  can  incorporate  and  reflect  the 
weapons  capability  uncertainty  stemming  from  secrecy  and  attribution  difficulties;  the 
theory's  virtue  is  that  its  variables  fundamentally  acknowledge  states'  perceptions  and 

238  Huntley,  “Offense,  Defense,  and  Cyber  War,”  5. 
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partial  information.  Unfortunately,  because  perceptions,  according  to  realist  international 
relations  theory,  tend  to  reflect  pessimistic  expectations  about  others’  intentions,  states’ 
assessments  of  an  international  system  that  relies  on  perceptions  more  than  on  facts,  may 
lead  to  suboptimal  foreign  policy  decisions  and  create  more  volatility  than  the  actual 
situation  warrants. 

Another  challenge  is  reconciling  Russia's  state-level  assessment  with  the 
international-level  view  of  the  cyberspace  security  dilemma;  Russia's  understanding  of 
cyber  power  that  includes  hostile  content  differs  from  the  Western  definition  that  does 
not.  This  difference  in  definitions  complicates  the  understanding  of  the  forces  underlying 
the  security  dilemma.  In  describing  the  international  environment,  Jervis  describes  states’ 
security  demands  as  subjective;  the  vulnerability  that  states  feel  is  situationally 
subjective. 239  Russia’s  feeling  of  insecurity  in  cyberspace  is  an  extreme  case  of  this 
phenomenon.  Their  belief  that  content  can  be  hostile  leads  Russian  leaders  to  feel 
threatened  in  situations  in  which  other  states  might  not  perceive,  or  feel  responsible  for 
causing,  a  security  threat.  Aside  from  emphasizing  offense-defense  theory’s 
acknowledgement  of  the  subjectivity  of  security  perceptions,  the  author  does  not  see  an 
elegant  solution  for  reconciling  security  perceptions  in  an  international  system  in  which 
two  different  sets  of  states  categorize  different  types  of  cyber  operations  as  security 
threats.  Additional  research  may  resolve  this  challenge  by  comparatively  examining  U.S. 
doctrine  for  cyber-enabled  information  and  psychological  operations  and  the  Russian 
doctrine  for  information  warfare. 

Finally,  the  author  does  not  strive  to  recommend  or  comment  on  specific  U.S. 
cyber  policy,  but  instead  proposes  an  offense-defense  theory  interpretation  of  divergent 
Western  and  Shanghai  Cooperation  Organization  approaches  to  international  Internet 
governance.  The  SCO  bloc  of  countries  consistently  proposes  internationally,  and 
implements  domestically,  a  policy  that  may  lead  to  a  fractured  Internet,  or  at  least  a  more 
nationalized  implementation  of  their  cyber  terrain.  This  impulse  appears  to  stem  from 
these  states’  concerns  that  the  open,  indefensible  current  structure  of  the  Internet  presents 


239  Jervis,  “Cooperation  Under  the  Security  Dilemma,  ”  174-6. 
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a  security  threat,  due  mainly  to  their  perception  that  hostile  content  may  destabilize  their 
autocratic  regimes.  The  U.S.  and  European  Union  bloc  of  countries,  in  contrast, 
recognize  a  threat  based  on  malicious  logic,  but  not  content. 

Russian  emphasis  on  increasing  cyber  terrain  defensiveness  only  reflects  Russia’s 
investment  choices.  The  difference  in  Russian  and  Western  perspectives  of  the  cyber 
threat,  and  the  resulting  divergent  defensive  approaches,  exacerbate  the  offense- 
dominance  security  dilemma  pressures  in  cyberspace.  However,  further  study  is 
necessary  to  ascertain  if  a  fractured  Internet  would  fundamentally  change  the  offense 
dominance  of  cyber  weapons  at  the  international  level.  For  example,  a  potential  approach 
to  decreasing  security  dilemma  pressures  may  be  to  support,  or  at  least  tolerate,  a 
fracturing  of  cyberspace.  If  states  divide  the  Internet  into  national  zones,  new  defensive 
Internet  terrain  features  will  emerge — a  fractured  Internet  will  be  an  Internet  that  raises 
the  cost  of  aggression  for  all  parties,  reducing  the  security  dilemma.  Alternately,  if 
Western  bloc  countries  perceive  themselves  as  the  current  and  future  victors  of  a  cyber 
arms  race,  then  it  may  instead  be  in  their  interest  to  uphold  an  open  Internet  structure  that 
gives  them  a  position  of  greater  relative  power,  denying  others  an  Internet  re-architecture 
that  would  make  them  relatively  less  weak. 

As  Kenneth  N.  Waltz  eloquently  summarizes  the  value  of  realist  international 
relations  theory  in  Man,  the  State,  and  War:  A  Theoretical  Analysis,  “Each  state  pursues 
its  own  interests,  however  defined,  in  ways  it  judges  best. . .  a  foreign  policy  based  on  [the 
international  system  level  of  analysis]  of  international  relations  is  neither  moral  nor 
immoral,  but  embodies  merely  a  reasoned  response  to  the  world  about  us. ”240  This  study 
concludes  that  Robert  Jervis’s  offense-defense  theory  is  an  excellent  tool  for  conducting 
this  reasoned,  dispassionate  analysis  to  better  understand  state  behavior  in  cyberspace  and 
to  craft  foreign  policy  accordingly. 


240  Kenneth  N.  Waltz,  Man,  the  State,  and  War:  A  Theoretical  Analysis  (New  York:  Columbia 
University,  1969),  238.  [Waltz’s  original  text  is  “A  foreign  poliey  based  on  this  image  of  international 
relations.”  The  image  that  he  references  is  his  proposed  third  image  of  analysis — the  anarchic  international 
system.] 
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APPENDIX.  ADDITIONAL  ANALYTIC  CONSIDERATIONS 


This  appendix  presents  additional  researeh  findings  amplifying,  eorroborating, 
and  refuting,  as  appropriate  and  applicable,  the  open  source  material  referenced  in  this 
thesis.  The  appendix  is  classified  TOP  SECRET.  To  obtain  a  copy  of  this  classified 
appendix,  please  contact  the  Naval  Postgraduate  School’s  Dudley  Knox  Eibrary. 
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